[
https://issues.apache.org/jira/browse/HTTPCLIENT-1006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15785467#comment-15785467
]
Julian Reschke commented on HTTPCLIENT-1006:
--------------------------------------------
FWIW...
bq. As far as RFC 6265 goes I would like to understand whether the new spec
intended to provide some degree of backward compatibility with previous specs
...
The spec intends to describe what servers and user agents actually implement.
There was no intent to be compatible with RFC 2965, as that spec isn't used in
practice. If RFC 6265 is incompatible with the original spec (2109) then that
happened on purpose (because it didn't describe how cookies were implemented in
practice).
bq. ... and whether or not there is a reference to a generic mechanism for
escaping special characters in header elements.
There is no generic way to handle escaping in header fields. Specs can
explicitly opt into certain syntax variations, such as by invoking the
quoted-string ABNF rule from the HTTP spec though.
> BrowserCompatSpec: don't trim " around cookie value
> ---------------------------------------------------
>
> Key: HTTPCLIENT-1006
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1006
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (classic)
> Affects Versions: 4.0.2
> Reporter: Marc Guillemot
>
> If the server sends a cookie header like:
> Set-Cookie: first="hello world"
> then HttpClient parses it as cookie with value >hello world<, wrongly
> removing the leading and trailing quotes. The incorrect quote removal occurs
> in BasicHeaderValueParser.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
