From 0b476e5ce4de50cb840daf949915db0ab711b248 Mon Sep 17 00:00:00 2001 From: Lily Chen Date: Wed, 21 Apr 2021 12:49:29 -0400 Subject: [PATCH 1/2] RFC 6265bis: Update ABNF to define field values This adjusts the ABNF for Set-Cookie and Cookie to define field values, not the whole field line, addressing #1302. --- draft-ietf-httpbis-rfc6265bis.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index 3d81144ec..a5b239eb3 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -476,7 +476,7 @@ SHOULD NOT send Set-Cookie headers that fail to conform to the following grammar: ~~~ abnf -set-cookie-header = "Set-Cookie:" SP BWS set-cookie-string +set-cookie = set-cookie-string set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av ) cookie-pair = cookie-name BWS "=" BWS cookie-value cookie-name = 1*cookie-octet @@ -761,7 +761,7 @@ conforms to the requirements in {{ua-requirements}}), the user agent will send a header that conforms to the following grammar: ~~~ abnf -cookie-header = "Cookie:" SP cookie-string +cookie = cookie-string cookie-string = cookie-pair *( ";" SP cookie-pair ) ~~~ From bd8b96ed0a621e05c2f4edeb9c2a4624563d76ad Mon Sep 17 00:00:00 2001 From: Lily Chen Date: Wed, 21 Apr 2021 13:10:31 -0400 Subject: [PATCH 2/2] Update draft-ietf-httpbis-rfc6265bis.md --- draft-ietf-httpbis-rfc6265bis.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index a5b239eb3..492f348e5 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -469,8 +469,7 @@ the user agent. ### Syntax {#abnf-syntax} -Informally, the Set-Cookie response header contains the header name -"Set-Cookie" followed by a ":" and a cookie. Each cookie begins with a +Informally, the Set-Cookie response header contains a cookie, which begins with a name-value-pair, followed by zero or more attribute-value pairs. Servers SHOULD NOT send Set-Cookie headers that fail to conform to the following grammar: