New submission from Florian Pilz:
BaseCookie should give an informative error, if a non RFC compliant header was
given. The problem was, that we thought several cookies are allowed in one
header in a cookie *response* header. However, this is only allowed in cookie
*request* headers.
In those cases the output of BaseCookie looks broken, which caused a lot of
confusion, since a standard library should not have so many flaws.
Example with parsing a response header with several cookies separated by comma
(not allowed by RFC):
http.cookies.BaseCookie('foo=bar, oof=rab; httponly, bar=baz').output()
'Set-Cookie: bar=baz\r\nSet-Cookie: foo=bar,\r\nSet-Cookie: oof=rab'
Flaws:
* comma after 'foo=bar' in output
* the httponly flag was omitted (it would show up with a semi-colon after it,
i.e. 'oof=rab; httponly;')
* input and output style are different, i.e. several cookies in one line were
transformed to several cookies in several lines
I think the best solution is to fail early and hard, if there are several
cookies in one header. Maybe some problems should be fixed anyway (trailing
comma, different output style).
--
components: Library (Lib)
messages: 205077
nosy: florianpilz
priority: normal
severity: normal
status: open
title: BaseCookie does not complain if a non RFC compliant cookie header was
given
type: behavior
versions: Python 3.3, Python 3.4, Python 3.5
___
Python tracker
<http://bugs.python.org/issue19869>
___
___
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com