Space is not required for Set-Cookie header #11131

Merged
merged 1 commit into from Jul 5, 2013

Conversation

Projects
None yet
4 participants
@ykzts
Contributor

ykzts commented Jun 26, 2013

Are space is ignored for before and after the separator (ex: ;).

@schneems

This comment has been minimized.

Show comment
Hide comment
@schneems

schneems Jun 29, 2013

Member

Do you have any references to support the format of Set-Cookie with regard to the separator?

Member

schneems commented Jun 29, 2013

Do you have any references to support the format of Set-Cookie with regard to the separator?

@ykzts

This comment has been minimized.

Show comment
Hide comment
@ykzts

ykzts Jun 30, 2013

Contributor

The user agent MUST use an algorithm equivalent to the following algorithm to parse the unparsed-attributes:

  1. If the unparsed-attributes string is empty, skip the rest of these steps.
  2. Discard the first character of the unparsed-attributes (which will be a %x3B (";") character).
  3. If the remaining unparsed-attributes contains a %x3B (";") character: Consume the characters of the unparsed-attributes up to, but not including, the first %x3B (";") character. Otherwise: Consume the remainder of the unparsed-attributes. Let the cookie-av string be the characters consumed in this step.
  4. If the cookie-av string contains a %x3D ("=") character: The (possibly empty) attribute-name string consists of the characters up to, but not including, the first %x3D ("=") character, and the (possibly empty) attribute-value string consists of the characters after the first %x3D ("=") character. Otherwise: The attribute-name string consists of the entire cookie-av string, and the attribute-value string is empty.
  5. Remove any leading or trailing WSP characters from the attribute-name string and the attribute-value string.
  6. Process the attribute-name and attribute-value according to the requirements in the following subsections. (Notice that attributes with unrecognized attribute-names are ignored.)
  7. Return to Step 1 of this algorithm.

cite: RFC 6265 section 5.2 (The Set-Cookie Header)

Contributor

ykzts commented Jun 30, 2013

The user agent MUST use an algorithm equivalent to the following algorithm to parse the unparsed-attributes:

  1. If the unparsed-attributes string is empty, skip the rest of these steps.
  2. Discard the first character of the unparsed-attributes (which will be a %x3B (";") character).
  3. If the remaining unparsed-attributes contains a %x3B (";") character: Consume the characters of the unparsed-attributes up to, but not including, the first %x3B (";") character. Otherwise: Consume the remainder of the unparsed-attributes. Let the cookie-av string be the characters consumed in this step.
  4. If the cookie-av string contains a %x3D ("=") character: The (possibly empty) attribute-name string consists of the characters up to, but not including, the first %x3D ("=") character, and the (possibly empty) attribute-value string consists of the characters after the first %x3D ("=") character. Otherwise: The attribute-name string consists of the entire cookie-av string, and the attribute-value string is empty.
  5. Remove any leading or trailing WSP characters from the attribute-name string and the attribute-value string.
  6. Process the attribute-name and attribute-value according to the requirements in the following subsections. (Notice that attributes with unrecognized attribute-names are ignored.)
  7. Return to Step 1 of this algorithm.

cite: RFC 6265 section 5.2 (The Set-Cookie Header)

@schneems

This comment has been minimized.

Show comment
Hide comment
@schneems

schneems Jun 30, 2013

Member

👍 Looks good to me. Thanks for the docs.

Richard Schneeman
http://heroku.com
@schneems

Sent from the road

On Sunday, June 30, 2013 at 1:33 PM, Yamagishi Kazutoshi wrote:

If the unparsed-attributes string is empty, skip the rest of these steps.
Discard the first character of the unparsed-attributes (which will be a %x3B (";") character).
If the remaining unparsed-attributes contains a %x3B (";") character: Consume the characters of the unparsed-attributes up to, but not including, the first %x3B (";") character. Otherwise: Consume the remainder of the unparsed-attributes. Let the cookie-av string be the characters consumed in this step.
If the cookie-av string contains a %x3D ("=") character: The (possibly empty) attribute-name string consists of the characters up to, but not including, the first %x3D ("=") character, and the (possibly empty) attribute-value string consists of the characters after the first %x3D ("=") character. Otherwise: The attribute-name string consists of the entire cookie-av string, and the attribute-value string is empty.
Remove any leading or trailing WSP characters from the attribute-name string and the attribute-value string.
Process the attribute-name and attribute-value according to the requirements in the following subsections. (Notice that attributes with unrecognized attribute-names are ignored.)
Return to Step 1 of this algorithm.

cite: RFC 6265 section 5.2 (The Set-Cookie Header) (http://tools.ietf.org/html/rfc6265#section-5.2)


Reply to this email directly or view it on GitHub (#11131 (comment)).

Member

schneems commented Jun 30, 2013

👍 Looks good to me. Thanks for the docs.

Richard Schneeman
http://heroku.com
@schneems

Sent from the road

On Sunday, June 30, 2013 at 1:33 PM, Yamagishi Kazutoshi wrote:

If the unparsed-attributes string is empty, skip the rest of these steps.
Discard the first character of the unparsed-attributes (which will be a %x3B (";") character).
If the remaining unparsed-attributes contains a %x3B (";") character: Consume the characters of the unparsed-attributes up to, but not including, the first %x3B (";") character. Otherwise: Consume the remainder of the unparsed-attributes. Let the cookie-av string be the characters consumed in this step.
If the cookie-av string contains a %x3D ("=") character: The (possibly empty) attribute-name string consists of the characters up to, but not including, the first %x3D ("=") character, and the (possibly empty) attribute-value string consists of the characters after the first %x3D ("=") character. Otherwise: The attribute-name string consists of the entire cookie-av string, and the attribute-value string is empty.
Remove any leading or trailing WSP characters from the attribute-name string and the attribute-value string.
Process the attribute-name and attribute-value according to the requirements in the following subsections. (Notice that attributes with unrecognized attribute-names are ignored.)
Return to Step 1 of this algorithm.

cite: RFC 6265 section 5.2 (The Set-Cookie Header) (http://tools.ietf.org/html/rfc6265#section-5.2)


Reply to this email directly or view it on GitHub (#11131 (comment)).

@steveklabnik

This comment has been minimized.

Show comment
Hide comment
@steveklabnik

steveklabnik Jul 1, 2013

Member

Seems good to me too. @NZKoz ?

Member

steveklabnik commented Jul 1, 2013

Seems good to me too. @NZKoz ?

@NZKoz

This comment has been minimized.

Show comment
Hide comment
@NZKoz

NZKoz Jul 1, 2013

Member

yeah 👍 from me too,

Member

NZKoz commented Jul 1, 2013

yeah 👍 from me too,

@steveklabnik

This comment has been minimized.

Show comment
Hide comment
@steveklabnik

steveklabnik Jul 4, 2013

Member

Okay! Let's get a CHANGELOG entry and then I'll merge.

Member

steveklabnik commented Jul 4, 2013

Okay! Let's get a CHANGELOG entry and then I'll merge.

@ykzts

This comment has been minimized.

Show comment
Hide comment
@ykzts

ykzts Jul 5, 2013

Contributor

@steveklabnik I added changelog entry!

Contributor

ykzts commented Jul 5, 2013

@steveklabnik I added changelog entry!

steveklabnik added a commit that referenced this pull request Jul 5, 2013

Merge pull request #11131 from ykzts/fix/actiondispatch-ssl-not-requi…
…red-space

Space is not required for Set-Cookie header

@steveklabnik steveklabnik merged commit 5ade0dd into rails:master Jul 5, 2013

1 check passed

default The Travis CI build passed
Details
@steveklabnik

This comment has been minimized.

Show comment
Hide comment
@steveklabnik

steveklabnik Jul 5, 2013

Member

Great, thank you!

Member

steveklabnik commented Jul 5, 2013

Great, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment