[
https://issues.apache.org/jira/browse/HTTPCLIENT-1700?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15036797#comment-15036797
]
Michael Gardner commented on HTTPCLIENT-1700:
---------------------------------------------
{{RFC2965Spec}} is the other place where an exception is thrown in this case.
My reading of that spec is that although the NAME=VALUE pair is required,
there's no requirement about what to do with an empty NAME.
So I would argue for the same behavior here as well, for the same reasons.
> CookieSpecBase & empty cookie names
> -----------------------------------
>
> Key: HTTPCLIENT-1700
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1700
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpCookie
> Affects Versions: 4.5.1, 4.5.2
> Reporter: Michael Gardner
> Priority: Minor
>
> As of HTTPCLIENT-1695, {{RFC6265CookieSpec}} accepts cookies with empty
> names. However, {{DefaultCookieSpec}} doesn't always choose this parser when
> it encounters such a cookie, and since {{CookieSpecBase}} rejects empty
> cookie names, we can end up with the same result unless we specify
> {{RFC6265CookieSpec}} explicitly (not ideal if we need to deal with a variety
> of sources).
> In the interests of robustness, I would argue that {{CookieSpecBase}} should
> similarly ignore cookie with empty names rather than throw an exception ("be
> conservative in what you send, liberal in what you accept").
> Alternatively, {{DefaultCookieSpec}} could detect such cookies and parse them
> via {{RFC6265CookieSpec}}; but that would be more complex and might lead to
> other issues.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
