Re: Rfc6265CookieProcessor domain validation errors

Svetlin Zarev Thu, 25 Aug 2016 03:16:39 -0700

Proposed fix: https://github.com/apache/tomcat85/pull/2


2016-08-25 10:28 GMT+03:00 Svetlin Zarev <svetlin.angelov.za...@gmail.com>:

> Hello!
>
>
>
> The new Rfc6265CookieProcessor fails to validate domains that start with a
> dot. According to rfc6265#5.2.3 [1]:
>
>
>
> If the first character of the attribute-value string is %x2E ("."):
>
>       Let cookie-domain be the attribute-value without the leading %x2E
>
>       (".") character.
>
> Otherwise:
>
>       Let cookie-domain be the entire attribute-value.
>
>
>
> But Rfc6265CookieProcessor throws an IllegalStateException.
>
> Steps to reproduce : https://gist.github.com/anonymous/
> d38cdc359ba4cf436b7e55a2757ae1a7
>
>
>
> What do you think ? Is this a bug in the cookie processor or am I
> misunderstanding the RFC ?
>
>
>
> [1] https://tools.ietf.org/html/rfc6265#page-20
>
>
> Best regards,
>
> Svetlin
>

Re: Rfc6265CookieProcessor domain validation errors

Reply via email to