Skip to content

A valid Expires= part of Set-Cookie header is not recognized #314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vlm opened this issue Nov 5, 2020 · 0 comments · Fixed by #315
Closed

A valid Expires= part of Set-Cookie header is not recognized #314

vlm opened this issue Nov 5, 2020 · 0 comments · Fixed by #315
Assignees
@artemredkin
Milestone
1.2.2

Comments

@vlm
Copy link
Contributor

vlm commented Nov 5, 2020
edited
Loading

The https://tools.ietf.org/html/rfc2616#section-3.3.1 specifies the Sunday, 06-Nov-94 08:49:37 GMT as a valid date format.

The https://tools.ietf.org/html/rfc6265#section-5.1.1 reinforces that.

The sane-cookie-date non-terminal in https://tools.ietf.org/html/rfc6265#section-4.1.1 reinforces that.

However, the parser only recognizes the Sun, 06 Nov 1994 08:49:37 GMT variant of the Expires= token, effectively not restricting validity of the cookie header.
@artemredkin artemredkin self-assigned this Nov 9, 2020
@artemredkin artemredkin added this to the 1.2.2 milestone Nov 9, 2020
@artemredkin artemredkin mentioned this issue Nov 11, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@artemredkin artemredkin

Labels
None yet
Projects
None yet
Milestone
1.2.2
Development

Successfully merging a pull request may close this issue.

add another expires date format artemredkin/async-http-client
2 participants
@vlm @artemredkin