/curl

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Treat first name/value pair in Set-Cookie: as the cookie name [RFC compliance] #709

Closed
bagder opened this Issue Mar 9, 2016 · 0 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
1 participant
@bagder
@bagder
Member

bagder commented Mar 9, 2016

RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters.

libcurl currently has a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft.

The current parser gets all n/v pairs and the first name isn't a known parameter will be considered the cookie, thus accepting Set-Cookie: Max-Age=2; name=daniel while an RFC compliant parser should consider that to be a cookie named 'Max-Age'.

@bagder bagder added the HTTP label Mar 9, 2016

@bagder bagder closed this in 7f7fcd0 Mar 10, 2016

@lock lock bot locked as resolved and limited conversation to collaborators May 7, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.