- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 13 Feb 2017 17:50:28 +0100
- To: Daniel Veditz <dveditz@mozilla.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>
On 2017-02-13 17:23, Daniel Veditz wrote: > Currently all the major browser engines agree and return the quotes as > part of the cookie, which seems to be what the spec says (DQUOTEs are > part of the cookie value). Most servers seem to work fine with this > behavior and no one knows what will break if browsers start handling > this differently. That's how I read the spec as well; however, I failed to convince the main Apache HttpClient committer. Maybe there's something we can do to make it clearer. > Browsers also allow, and some web applications use, spaces and UTF-8 > sequences in cookies which are technically not valid cookie-octets; we > should probably make this part of the spec match reality if we can > figure out what that is. > ... Agreed. Best regards, Julian
Received on Monday, 13 February 2017 16:51:06 UTC