- From: Daniel Veditz <dveditz@mozilla.com>
- Date: Mon, 13 Feb 2017 08:23:44 -0800
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
Received on Monday, 13 February 2017 16:24:37 UTC
Currently all the major browser engines agree and return the quotes as part of the cookie, which seems to be what the spec says (DQUOTEs are part of the cookie value). Most servers seem to work fine with this behavior and no one knows what will break if browsers start handling this differently. Browsers also allow, and some web applications use, spaces and UTF-8 sequences in cookies which are technically not valid cookie-octets; we should probably make this part of the spec match reality if we can figure out what that is. -Dan Veditz On Mon, Feb 13, 2017 at 3:45 AM, Julian Reschke <julian.reschke@gmx.de> wrote: > Hi there, > > so what's going on here? It seems nothing has happened since early > October? Are we still working on this? > > Related to that: there was recently a heated discussion over in < > https://issues.apache.org/jira/browse/HTTPCLIENT-1006> about whether > clients are supposed to round-trip the "quoted-string"-ness of a cookie. I > think I know what the answer is, but it's certainly not clear enough in the > existing spec. Feedback from our cookie experts would be awesome... > > Best regards, Julian > >
Received on Monday, 13 February 2017 16:24:37 UTC