Comment: I do not see how UTF-8 may be used when generating a cookie. Add a comment.

...

The value (which is a UCS-16 Java String) will be encoded using UTF-8 when being added to the header. Application impact is that non-ASCII characters will no longer cause an IAE. For V0 cookies, this is an extension to RFC6265 required to support HTML-5. V1 cookies already allow 8-bit characters if quoted and this is likely to be needed to avoid an IAE as the value would still be validated; it would be the application's responsibility to quote the value.


_kkolinko_: Using UTF-8 in HTTP headers is not allowed by RFC 2616. On page 32 it says:


message-header = field-name ":" [ field-value ]

field-value = *( field-content | LWS )

field-content = <the OCTETs making up the field-value and consisting of either *TEXT or combinations of token, separators, and quoted-string>

The tokens are US-ASCII (0-127 minus CTLs or separators) (pages 16-17).

The TEXT is defined on page 16 where it says: "Words of *TEXT MAY contain characters from character sets other than ISO-8859-1 [22] only when encoded according to the rules of RFC 2047 [14]."

The quoted-string is TEXT in double quotes (page 16).



_kkolinko_: Javadoc for HttpServletResponse.setHeader() method also mentions that the value of a header should be encoded according to RFC 2047. http://www.ietf.org/rfc/rfc2047.txt
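
The RFC 2616 rules quoted in the comments above, applied to a few values and shown next to the octets that UTF-8 encoding would place in the header. This is an added example, not part of the wiki page or of Tomcat's code: the class, enum and method names are hypothetical, the sample strings are constructed, and rejecting control characters with an exception is this example's own choice.

```java
import java.nio.charset.StandardCharsets;

// Added example; class, enum and method names are hypothetical.
public class HeaderValueCheck {
    // RFC 2616 section 2.2 separators, including SP and HT.
    private static final String SEPARATORS = "()<>@,;:\\\"/[]?={} \t";

    enum Kind { TOKEN, NEEDS_QUOTING, LATIN1_TEXT, NEEDS_RFC2047 }

    // CTL = US-ASCII 0-31 and DEL (127).
    static boolean isCtl(char c) { return c < 0x20 || c == 0x7F; }

    // Classify a value against the token / TEXT / quoted-string rules.
    static Kind classify(String value) {
        boolean token = !value.isEmpty();
        boolean latin1 = false;
        boolean beyondLatin1 = false;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // HT is allowed as LWS; any other CTL (CR, LF, ...) is rejected here.
            if (isCtl(c) && c != '\t') {
                throw new IllegalArgumentException("CTL at index " + i);
            }
            if (c > 0xFF) beyondLatin1 = true;   // outside ISO-8859-1
            else if (c > 0x7F) latin1 = true;    // 8-bit ISO-8859-1
            if (c > 0x7F || SEPARATORS.indexOf(c) >= 0) token = false;
        }
        if (beyondLatin1) return Kind.NEEDS_RFC2047;
        if (latin1) return Kind.LATIN1_TEXT;
        // Not a token: must be sent as a quoted-string (a '"' inside it
        // additionally needs a quoted-pair escape, not handled here).
        return token ? Kind.TOKEN : Kind.NEEDS_QUOTING;
    }

    // Hex dump of the octets a UTF-8 encoder would write for this value.
    static String utf8Octets(String value) {
        StringBuilder sb = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            sb.append(String.format("%02X ", b & 0xFF));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed sample values: ASCII token, separator, Latin-1, CJK.
        String[] samples = { "abc123", "a b", "caf\u00E9", "\u65E5\u672C" };
        for (String s : samples) {
            System.out.println(classify(s) + "  UTF-8 octets: " + utf8Octets(s));
        }
    }
}
```

For `"caf\u00E9"` the UTF-8 form ends in the two octets `C3 A9`, while an ISO-8859-1 encoder writes the single octet `E9`, so a receiver that reads header octets as ISO-8859-1 decodes the UTF-8 form as two characters.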

G5 Validate domain per RFC6265::

...