- From: Steven Bingler <bingler@chromium.org>
- Date: Fri, 10 Oct 2025 19:46:18 -0400
- To: art@ietf.org
- Cc: draft-ietf-httpbis-rfc6265bis.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
Hello Claudio,
Thank you for your review and apologies for my late response. I had to
take a hiatus.
> * it is always quite complex to handle syntax when we engage parsing white
> spaces. Along the document the handling is specified in details in many
> sections; however, given cookies content often uses "natural language style"
> (if I may say so), the issue on how and where to ignore white spaces may lead
> to ambiguity: how to we parse something like
Would you mind elaborating on what you find ambiguous? Perhaps I can't
see the forest for the trees.
Regarding how weird whitespace cookies should be handled:
The well behaved server profile (Section 4) doesn't allow cookies such as
Set-Cookie: ? e x a m p l e ;
Because whitespace is disallowed for the cookie-name and cookie-value.
Section 5, the UA behavior, does accept such a cookie and handles as follows:
Section 5.6
> 2. If the set-cookie-string contains a %x3B (";") character...
> 2.1 The name-value-pair string consists of the characters up to, but not including, the first %x3B
Resulting in "? e x a m p l e "
> 3. If the name-value-pair string lacks a %x3D ("=") character, then the name string is empty, and the value string is the value of name-value-pair.
Resulting in
Name: ""
Value: "? e x a m p l e "
> 4. Remove any leading or trailing WSP characters from the name string and the value string.
Finally resulting in
Name: ""
Value: "? e x a m p l e"
A bit complicated perhaps, but seems straightforward to me. Happy to
take another look if you're able to point to some specifics.
Thanks,
- Steven
Received on Friday, 10 October 2025 23:46:33 UTC