Hi,

While upgrading to Netty 4.1.5, I noticed the following behaviour with 
cookie decoding:

STRICT cookie decoder silently ignores all incorrect cookies: For example

    @Test
    public void testCookieDecoder() throws Exception {
        // Invalid cookie name as it contains a delimiter ',' character:
        Set<Cookie> cookies = 
ServerCookieDecoder.STRICT.decode("HttpOnly,hparg=foo;\n");
        System.out.println("Decoded: " + cookies);
    }

This will print: 

  "Decoded: []"

Now the caller remains completely clueless that there in fact was an 
invalid cookie present. This doesn't throw any exceptions due to illegal 
cookie names. I assume this is by design?

If so it would be useful to have a version of .decode() that could be used 
for validation purposes. One that would throw an exception when faced with 
invalid cookie names etc. What do you think? 

Many thanks,
Mikko

-- 
You received this message because you are subscribed to the Google Groups 
"Netty discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to netty+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/netty/e4a7ad3d-8a43-424c-9e3f-b3a8c1bc4b86%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to