THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
indent |
---|
The value (which is a UCS-16 Java String) will be encoded using UTF-8 when being added to the header. Application impact is that non-ASCII characters will no longer cause an IAE. For V0 cookies, this is an extension to RFC6265 required to support HTML-5. V1 cookies already allow 8-bit characters if quoted and this is likely to be needed to avoid an IAE as the value would still be validated; it would be the application's responsibility to quote the value. |
- *
indent |
---|
_kkolinko_: Using UTF-8 in HTTP headers is not allowed by RFC 2616. On page 32 it says:
|
Wiki Markup |
---|
{{message-header = field-name ":" \[field-value \]}} |
field-value = *( field-content | LWS )
field-content = <the OCTETs making up the field-value and consisting of either *TEXT or combinations of token, separators, and quoted-string>
The tokens are US-ASCII (0-127 minus CTLs or separators) (pages 16-17).
Wiki Markup |
---|
The TEXT is defined on page 16 where it says: "Words of \*TEXT MAY contain characters from character sets other than ISO-8859-1 \[22\] only when encoded according to the rules of RFC 2047 \[14\]." |
The quoted-string is TEXT in double quotes (page 16).
- *
indent |
---|
_kkolinko_: Javadoc for [HttpServletResponse].setHeader() method also mentions that the value of a header should be encoded according to RFC 2047. http://www.ietf.org/rfc/rfc2047.txt
|
G5 Validate domain per RFC6265::
...