Non-value attributes in Set-Cookie header #1171
Comments
|
The change seems correct. I'm just wondering if we can incorporate all the changes you've made to be more rfc complaint into @vinamrabhatia work too. @vinamrabhatia Have you looked into nnposter's commits related to http and cookies? It would be great for you to consider them in your final revision. |
|
Resolved with r37235 (23d61f5) |
|
@nnposter I will make the similar changes in the cookies library work too. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Parser for
Set-Cookieheader (functionparse_set_cookieinhttp.lua) is currently assigning attributes without a value (such asSecureorHttpOnly) an artificial Boolean value oftrue(not string"true"). In contrast, attributes with explicitly empty values (...; attr=;...) are assigned a zero-length string as the value.According to RFC 6265, section 5.2 these two cases should have the same outcome: empty value.
I am proposing to change the parser to assign a zero-length string to value-less attributes, which would have the following effect:
Pro
stringtruein logical tests so this change should have negligible impact on existing code...; attr;...and...; attr=;..., which is what the RFC prescribes.Con
...; attr;...and...; attr=;..., so response memberrawheaderwould have to be used if somebody truly needs to differentiate between the two cases.I will implement the change in a few weeks unless anybody brings up concerns.
The text was updated successfully, but these errors were encountered: