Treat first name/value pair in Set-Cookie: as the cookie name [RFC compliance] #709
RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters.
libcurl currently has a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft.
The current parser gets all n/v pairs and the first name isn't a known parameter will be considered the cookie, thus accepting
The text was updated successfully, but these errors were encountered: