You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Parser for Set-Cookie header (function parse_set_cookie in http.lua) is currently treating cookie values enclosed in double quotes as intuitively expected: The string inside the quotes becomes the parsed cookie value.
However, the header syntax described in RFC 6265, section 4.1.1 does not seem to specify such behavior. While not stated explicitly, the surrounding quotes are meant to remain part of the cookie value.
Preserving the quotes appears consistent with Firefox, IE, and presumably other browsers. There are also server applications that break when these quotes are stripped off.
I am proposing to modify the parser to align it with the browser behavior. (I will be happy to implement the change but some discussion might be in order.)
Set-Cookie: aaa="b\"bb"; Path = "ddd eee" fff
...will be parsed as:
key
old value
new value
name
aaa
aaa
value
b"bb
"b\"bb"
path
ddd eee
"ddd eee" fff
The text was updated successfully, but these errors were encountered:
Parser for
Set-Cookieheader (functionparse_set_cookieinhttp.lua) is currently treating cookie values enclosed in double quotes as intuitively expected: The string inside the quotes becomes the parsed cookie value.However, the header syntax described in RFC 6265, section 4.1.1 does not seem to specify such behavior. While not stated explicitly, the surrounding quotes are meant to remain part of the cookie value.
Preserving the quotes appears consistent with Firefox, IE, and presumably other browsers. There are also server applications that break when these quotes are stripped off.
I am proposing to modify the parser to align it with the browser behavior. (I will be happy to implement the change but some discussion might be in order.)
...will be parsed as:
The text was updated successfully, but these errors were encountered: