You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hc.apache.org by bu...@apache.org on 2005/09/20 21:22:09 UTC
DO NOT REPLY [Bug 36740] New: -
Minor RFC 2109 / 2965 violation
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=36740>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=36740
Summary: Minor RFC 2109 / 2965 violation
Product: HttpClient
Version: 3.0 RC3
Platform: Other
OS/Version: other
Status: NEW
Severity: minor
Priority: P2
Component: Commons HttpClient
AssignedTo: httpclient-dev@jakarta.apache.org
ReportedBy: WBaer@gmx.de
Hi all,
we received this bug report for the debian commons-httpclient
package:
<debian_bugreport>
The following bug is present in upstream, 2.0.2 and 3.0RC3, at least as far
as I can tell by testing.
The specification grammar for the Cookie and Cookie2 HTTP headers
(specified by RFC 2109 section 4.3.4, and RFC 2965 section 3.3.4,
respectively) require that the ordering of pairs is "Version, NAME, path,
domain" (and, in RFC 2965, "port" after "domain"). However, HTTPClient
produces a cookie string with the domain pair appearing before, rather
than after, the path pair. The RFCs specifically *do not* use either the
grammar or the clarifying text ("can occur in any order") that occurs in
the sections that define the Set-Cookie and Set-Cookie2 headers (4.2.2 and
3.2.2, respectively).
Since the sections in question do not, in fact, discuss the issue of pair
ordering in Set-Cookie/Set-Cookie2 at all (other than in using a grammar
that clearly expresses the requirement), and since the complimentary
header explicitly permits them to occur in any order, it seems likely
that HTTPClient is not the only client with this issue, and that most
servers will accomodate this situation (in fact, for it to have gone
unnoticed for this long, it seems likely that either I'm badly misreading
the specification, or no major server has a problem coping with this).
</debian_bugreport>
For your reference the debian bug number:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329245
Regards,
Wolfgang
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org