Martin Panter <[email protected]> added the comment:
The original report comes from <https://code.djangoproject.com/ticket/2806>.
Anders was trying to parse a HTTP request Cookie field, something like:
BaseCookie('sessionid=a2be2e7debe71af8d88d350c4d14d768;$Path=/;$Domain=192.168.0.2;$Port="8000"')
The problem is that Cookie.py assumes names beginning with a dollar sign ($)
are reserved attributes of a previous cookie-pair, rather than arbitrary cookie
names. It is obvious that this was intended to support RFC 2965, although it is
not documented. The module has a hard-coded list of reserved attribute names,
and Port is not one of them.
IMO it would be better to treat (unknown) reserved attributes such as $Port as
ordinary cookie names, and start a new “morsel”. Ignoring them would also be a
better option than rejecting the whole cookie field. The dollar sign is valid
for a cookie name (token) according to RFC 2109, RFC 6265, and the Netscape
specification.
----------
nosy: +martin.panter
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue1564508>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
