- From: Steven Bingler <bingler@chromium.org>
- Date: Fri, 7 Nov 2025 15:15:44 -0500
- To: art@ietf.org
- Cc: draft-ietf-httpbis-rfc6265bis.all@ietf.org, ietf-http-wg@w3.org, last-call@ietf.org
Hi Claudio,
Following up on this.
Thanks,
- Steven
On Fri, Oct 10, 2025 at 7:46 PM Steven Bingler <bingler@chromium.org> wrote:
>
> Hello Claudio,
>
> Thank you for your review and apologies for my late response. I had to
> take a hiatus.
>
> > * it is always quite complex to handle syntax when we engage parsing white
> > spaces. Along the document the handling is specified in details in many
> > sections; however, given cookies content often uses "natural language style"
> > (if I may say so), the issue on how and where to ignore white spaces may lead
> > to ambiguity: how to we parse something like
>
> Would you mind elaborating on what you find ambiguous? Perhaps I can't
> see the forest for the trees.
>
> Regarding how weird whitespace cookies should be handled:
>
> The well behaved server profile (Section 4) doesn't allow cookies such as
> Set-Cookie: ? e x a m p l e ;
> Because whitespace is disallowed for the cookie-name and cookie-value.
>
> Section 5, the UA behavior, does accept such a cookie and handles as follows:
>
> Section 5.6
> > 2. If the set-cookie-string contains a %x3B (";") character...
>
> > 2.1 The name-value-pair string consists of the characters up to, but not including, the first %x3B
>
> Resulting in "? e x a m p l e "
>
> > 3. If the name-value-pair string lacks a %x3D ("=") character, then the name string is empty, and the value string is the value of name-value-pair.
>
> Resulting in
> Name: ""
> Value: "? e x a m p l e "
>
> > 4. Remove any leading or trailing WSP characters from the name string and the value string.
>
> Finally resulting in
> Name: ""
> Value: "? e x a m p l e"
>
> A bit complicated perhaps, but seems straightforward to me. Happy to
> take another look if you're able to point to some specifics.
>
> Thanks,
> - Steven
Received on Friday, 7 November 2025 20:16:00 UTC