Summary: | The cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in quoted cookie value of the version 1 cookie | ||
---|---|---|---|
Product: | Tomcat 9 | Reporter: | Kyohei Nakamura <nakamura.kyohei.lab> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | unspecified | ||
Target Milestone: | ----- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: | patch against trunk |
Thanks of the report. There was a similar issue with tabs. This has been fixed in 9.0.x for 9.0.0.M10 onwards, 8.5.x for 8.5.5 onwards and 8.0.x for 8.0.37 onwards. |
Created attachment 34059 [details] patch against trunk The RFC2109 specification that defines the version 1 cookie says that whitespaces are allowed in quoted cookie value. However, the cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in quoted cookie value of the version 1 cookie. I made the patch that the cookie parser treats whitespace as enabled character.