Package: epiphany-browser
Version: 2.30.2-1
Severity: important

I use the following header to set a cookie:
| Set-Cookie: auth="name=blank;sig=MZTJl0eYACEJB6L8ibIm4S6QK1k="; Secure

epiphany lists the cookie with name "auth" and value '"name=blank', aka
it splits it after the first ; within the value. However, RFC 2109 and
the referenced 2068 specify this header the following way.

set-cookie    = "Set-Cookie:" cookies
cookies       = 1#cookie
cookie        = NAME "=" VALUE *(";" cookie-av)
VALUE         = value
value         = word
word          = token | quoted-string
quoted-string = ( <"> *(qdtext) <"> )
qdtext        = <any TEXT except <">>
TEXT          = <any OCTET except CTLs, but including LWS>

A mostly identical definition is given in RFC 2965 and 2616 for the
Set-Cookie2 header.

It even transmits it in this broken state (note the missing quote):
| Cookie: I18N_LANGUAGE="de"; auth="name=blank

Bastian

-- 
Warp 7 -- It's a law we can live with.
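
Added example, not part of the original report and not epiphany's code: a Python sketch that parses the reported header value two ways, once by splitting at the first ";" (the behaviour described above) and once honouring the quoted-string rule from the quoted grammar. The function names are hypothetical; the sample value is the one from the report.

```python
# Added example: Set-Cookie value parsing, naive split vs quoted-string aware.
SAMPLE = 'auth="name=blank;sig=MZTJl0eYACEJB6L8ibIm4S6QK1k="; Secure'  # header value from the report


def naive_parse(header):
    """Split at the first ';' with no regard for quoting (the reported behaviour)."""
    pair = header.split(";", 1)[0]
    name, _, value = pair.partition("=")
    return name.strip(), value.strip()


def split_outside_quotes(header):
    """Split on ';' only when not inside a quoted-string (<"> *(qdtext) <">)."""
    parts, buf, in_quotes = [], [], False
    for ch in header:
        if ch == '"':
            # Per the grammar quoted above, qdtext cannot contain <">,
            # so toggling on every quote is sufficient here.
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    if in_quotes:
        raise ValueError("unterminated quoted-string in Set-Cookie value")
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def rfc2109_parse(header):
    """Return (NAME, VALUE, attributes); VALUE keeps its quotes as received."""
    first, *avs = split_outside_quotes(header)
    name, sep, value = first.partition("=")
    if not sep or not name.strip():
        raise ValueError("cookie must be NAME=VALUE")
    attrs = {}
    for av in avs:
        k, _, v = av.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value.strip(), attrs


if __name__ == "__main__":
    print("naive  :", naive_parse(SAMPLE))
    print("rfc2109:", rfc2109_parse(SAMPLE))
```

The naive result drops the `sig=` portion and the closing quote, so a server that verifies the signature will see a malformed `auth` cookie; the quote-aware parser also rejects an unterminated value instead of storing it.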


