New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better Cookie Parsing (#2504) #2511
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add unit tests for the new behavior.
Before gwynne gets to it, our release process uses the PR body as release notes. |
Quoting old PR body in the discussion:
|
Nice patch! The implementation does not conform to RFC yet.
It'll be great if all of them are allowed (I'm not 100% sure if all of them should be allowed, though). By the way I think the name |
I agree with all of these points, but due to the lack of documentation for this area of the project I wanted to make this change as small as possible to avoid unintended fallout from the change. Someone who has a more comprehensive understanding of the project might be able to achieve full RFC conformance, but this is sufficient for now. |
@gwynne ping - you happy with these changes? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not really 100% satisfied with silently dropping cookies that won't parse, but it's the best solution available without further work to improve RFC compliance and provide "permissive" parsing as a configurable option, which can be done in a future PR.
These changes are now available in 4.36.1 |
Improves cookie parsing (#2511)
%
characters (fixes Fails to parse cookie if it has % in its name #2504)HTTPCookies
HTTPCookies