Proposed fix: https://github.com/apache/tomcat85/pull/2
2016-08-25 10:28 GMT+03:00 Svetlin Zarev <svetlin.angelov.za...@gmail.com>: > Hello! > > > > The new Rfc6265CookieProcessor fails to validate domains that start with a > dot. According to rfc6265#5.2.3 [1]: > > > > If the first character of the attribute-value string is %x2E ("."): > > Let cookie-domain be the attribute-value without the leading %x2E > > (".") character. > > Otherwise: > > Let cookie-domain be the entire attribute-value. > > > > But Rfc6265CookieProcessor throws an IllegalStateException. > > Steps to reproduce : https://gist.github.com/anonymous/ > d38cdc359ba4cf436b7e55a2757ae1a7 > > > > What do you think ? Is this a bug in the cookie processor or am I > misunderstanding the RFC ? > > > > [1] https://tools.ietf.org/html/rfc6265#page-20 > > > Best regards, > > Svetlin >