Posted to dev@hc.apache.org by bu...@apache.org on 2005/09/20 21:22:09 UTC

DO NOT REPLY [Bug 36740] New: - Minor RFC 2109 / 2965 violation

http://issues.apache.org/bugzilla/show_bug.cgi?id=36740

           Summary: Minor RFC 2109 / 2965 violation
           Product: HttpClient
           Version: 3.0 RC3
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Commons HttpClient
        AssignedTo: httpclient-dev@jakarta.apache.org
        ReportedBy: WBaer@gmx.de


Hi all,

we received this bug report for the Debian commons-httpclient
package:

<debian_bugreport>
The following bug is present in upstream, 2.0.2 and 3.0RC3, at least as far
as I can tell by testing.

The specification grammar for the Cookie and Cookie2 HTTP headers
(specified by RFC 2109 section 4.3.4, and RFC 2965 section 3.3.4,
respectively) requires that the ordering of pairs is "Version, NAME, path,
domain" (and, in RFC 2965, "port" after "domain"). However, HTTPClient
produces a cookie string with the domain pair appearing before, rather
than after, the path pair. The RFCs specifically *do not* use either the
grammar or the clarifying text ("can occur in any order") that occurs in
the sections that define the Set-Cookie and Set-Cookie2 headers (4.2.2 and
3.2.2, respectively).

Since the sections in question do not, in fact, discuss the issue of pair
ordering in Set-Cookie/Set-Cookie2 at all (other than in using a grammar
that clearly expresses the requirement), and since the complementary
header explicitly permits them to occur in any order, it seems likely
that HTTPClient is not the only client with this issue, and that most
servers will accommodate this situation (in fact, for it to have gone
unnoticed for this long, it seems likely that either I'm badly misreading
the specification, or no major server has a problem coping with this).
</debian_bugreport>

For your reference, the Debian bug number:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329245

Regards,

Wolfgang
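
The pair ordering described in the report, as an added example that is not part of the original message and is not HttpClient code: a small checker that reports the first place a Cookie/Cookie2 header value departs from the "Version, NAME, path, domain, port" order. The class and method names are hypothetical, the sample headers are constructed, and the parser assumes quoted values contain no ';' or ','.

```java
import java.util.List;

// Added illustration; names are hypothetical, not HttpClient API.
public class CookieOrderCheck {

    // Attribute order after each NAME=VALUE pair (RFC 2109 4.3.4, RFC 2965 3.3.4).
    private static final List<String> ORDER = List.of("$path", "$domain", "$port");

    // Returns null when the pair order matches the grammar,
    // otherwise a description of the first violation.
    static String firstViolation(String headerValue) {
        // Simplification (assumption): quoted values contain no ';' or ','.
        String[] pairs = headerValue.split("[;,]");
        if (!name(pairs[0]).equals("$version")) {
            return "header must start with $Version";
        }
        int rank = -1;              // position in ORDER of the last attribute seen
        boolean haveCookie = false; // true once a NAME=VALUE pair has been seen
        for (int i = 1; i < pairs.length; i++) {
            String n = name(pairs[i]);
            int idx = ORDER.indexOf(n);
            if (idx < 0) {          // a NAME=VALUE pair starts a new cookie
                haveCookie = true;
                rank = -1;
            } else if (!haveCookie) {
                return n + " appears before any NAME=VALUE pair";
            } else if (idx <= rank) {
                return n + " appears after " + ORDER.get(rank);
            } else {
                rank = idx;
            }
        }
        return haveCookie ? null : "no NAME=VALUE pair";
    }

    // Attribute names are compared case-insensitively.
    private static String name(String pair) {
        int eq = pair.indexOf('=');
        return (eq < 0 ? pair : pair.substring(0, eq)).trim().toLowerCase();
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured from HttpClient.
        String reported = "$Version=\"1\"; sid=\"abc\"; $Domain=\".example.com\"; $Path=\"/app\"";
        String grammar  = "$Version=\"1\"; sid=\"abc\"; $Path=\"/app\"; $Domain=\".example.com\"";
        System.out.println("reported order: " + firstViolation(reported));
        System.out.println("grammar order:  " + firstViolation(grammar));
    }
}
```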
