Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Tabs in cookie names and values
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Gustafsson via curl-library <curl-library_at_lists.haxx.se>
Date: Thu, 13 Oct 2022 23:09:08 +0200
> On 13 Oct 2022, at 23:03, Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se> wrote:
> A - escape them in the file
> B - reject them them on arrival
This list is in the wrong order I reckon.
> My thinking:
>
> We start out with (A), we reject such cookies starting next release. This avoids the problem with saving to files and cookies with content like this is bound to be very rare as they do not interoperate between clients.
>
> If the rfc6265bis wording stays and browsers truly change direction in a future and allow tabs more than they have done up until today, then we can take a new decision and then maybe adopt method (B).
I think that's the only sane approach. Start by rejecting them (as long as one
major browser does that they won't be commonly used, or even at all, anyways),
and change course iff adoption changes going forward. I can't imagine there
being more than an academical interest in actually using this, so I wouldn't be
surprised if the change in wording doesn't change much in practice.
Date: Thu, 13 Oct 2022 23:09:08 +0200
> On 13 Oct 2022, at 23:03, Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se> wrote:
> A - escape them in the file
> B - reject them them on arrival
This list is in the wrong order I reckon.
> My thinking:
>
> We start out with (A), we reject such cookies starting next release. This avoids the problem with saving to files and cookies with content like this is bound to be very rare as they do not interoperate between clients.
>
> If the rfc6265bis wording stays and browsers truly change direction in a future and allow tabs more than they have done up until today, then we can take a new decision and then maybe adopt method (B).
I think that's the only sane approach. Start by rejecting them (as long as one
major browser does that they won't be commonly used, or even at all, anyways),
and change course iff adoption changes going forward. I can't imagine there
being more than an academical interest in actually using this, so I wouldn't be
surprised if the change in wording doesn't change much in practice.
-- Daniel Gustafsson https://vmware.com/ -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-10-13