| Summary: | The cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in quoted cookie value of the version 1 cookie | ||
|---|---|---|---|
| Product: | Tomcat 9 | Reporter: | Kyohei Nakamura <nakamura.kyohei.lab> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | P2 | ||
| Version: | unspecified | ||
| Target Milestone: | ----- | ||
| Hardware: | All | ||
| OS: | All | ||
| Attachments: | patch against trunk | ||
Thanks of the report. There was a similar issue with tabs. This has been fixed in 9.0.x for 9.0.0.M10 onwards, 8.5.x for 8.5.5 onwards and 8.0.x for 8.0.37 onwards. |
Created attachment 34059 [details] patch against trunk The RFC2109 specification that defines the version 1 cookie says that whitespaces are allowed in quoted cookie value. However, the cookie parser (for Rfc6265CookieProcessor) does not allow whitespaces in quoted cookie value of the version 1 cookie. I made the patch that the cookie parser treats whitespace as enabled character.