CR: 7183292: HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name (original) (raw)

Kurchi Hazra kurchi.subhra.hazra at oracle.com
Wed Jul 18 10:47:34 PDT 2012

On 7/18/2012 10:38 AM, Michael McMahon wrote: > Thanks Kurchi. >> I have made one small change to another test, which was specifically > testing the $name assertion. > So, that test had to be removed. >> The new webrev is at : >> http://cr.openjdk.java.net/~michaelm/7183292/webrev.3/ >> - Michael >> On 17/07/12 18:15, Kurchi Subhra Hazra wrote: >> I have read the sections dealing with cookie-name in 6265, and these >> changes look good to me. >>>> - Kurchi >>>> On 7/17/12 7:32 AM, Michael McMahon wrote: >>>>>> Thanks for reviewing this Chris. On the question of whether $ should >>> be allowed >>> in cookie names, it appears like that restriction has been removed >>> from RFC 6265, >>> which is evidently a fairly comprehensive description of actual >>> cookie usage on the web. >>> So, maybe we should just leave that out as well - assuming that it >>> is being used in places >>> (albeit in contravention of the older RFC). What do you think? >>>>>> - Michael >>>>>> On 17/07/2012 14:18, Chris Hegarty wrote: >>>> On 17/07/2012 10:17, Michael McMahon wrote: >>>>> Hi, >>>>>>>>>> Could I get the following change reviewed please? >>>>>>>>>> http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/ >>>>>>>>>> Since 7u4, we are parsing all incoming cookies via the HttpCookie >>>>> class. >>>>> This class has had a restriction on cookie names that is causing this >>>>> problem >>>>> and which is not required by any of the cookie specifications, as >>>>> far as >>>>> I can see, >>>>> (rfc 2965, and 6265 which obsoletes 2965). >>>>>>>> Right, this is my reading of the RFC's also. In fact, RFC 2965 >>>> explicitly states that "the NAME of a cookie MAY be the same as one >>>> of the attributes in this specification". >>>>>>>>> The restriction was that cookie names could not be the same (case >>>>> insensitively) >>>>> as any of the attribute names (eg. Domain). So, the change is to >>>>> remove >>>>> the restriction. >>>>>>>> Yes, this makes sense to me. >>>>>>>> One comment on the webrev is that isReserved also enforces that the >>>> name cannot start with a '$', from 2965: "NAMEs that begin with $ >>>> are reserved and MUST NOT be used by applications." I think you may >>>> need to minimally reintroduce this. Otherwise, the changes look >>>> good to me. >>>>>>>> -Chris. >>>>>>>>>>>>>> Thanks, >>>>> Michael >>>>>>

-Kurchi

More information about the net-dev mailing list