CR: 7183292: HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name
Chris Hegarty
chris.hegarty at oracle.com
Tue Jul 17 06:18:58 PDT 2012
On 17/07/2012 10:17, Michael McMahon wrote:
> Hi,
>
> Could I get the following change reviewed please?
>
> http://cr.openjdk.java.net/~michaelm/7183292/webrev.1/
>
> Since 7u4, we are parsing all incoming cookies via the HttpCookie class.
> This class has had a restriction on cookie names that is causing this
> problem
> and which is not required by any of the cookie specifications, as far as
> I can see,
> (rfc 2965, and 6265 which obsoletes 2965).
Right, this is my reading of the RFC's also. In fact, RFC 2965
explicitly states that "the NAME of a cookie MAY be the same as one of
the attributes in this specification".
> The restriction was that cookie names could not be the same (case
> insensitively)
> as any of the attribute names (eg. Domain). So, the change is to remove
> the restriction.
Yes, this makes sense to me.
One comment on the webrev is that isReserved also enforces that the name
cannot start with a '$', from 2965: "NAMEs that begin with $ are
reserved and MUST NOT be used by applications." I think you may need to
minimally reintroduce this. Otherwise, the changes look good to me.
-Chris.
>
> Thanks,
> Michael
More information about the net-dev
mailing list