2014-09-30 11:41 GMT+04:00 <ma...@apache.org>: > Author: markt > Date: Tue Sep 30 07:41:57 2014 > New Revision: 1628366 > > URL: http://svn.apache.org/r1628366 > Log: > Make FWD_SLASH_IS_SEPARATOR configurable per context > > Modified: > tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java > tomcat/trunk/java/org/apache/tomcat/util/http/LegacyCookieProcessor.java > tomcat/trunk/test/org/apache/tomcat/util/http/TestCookieParsing.java > tomcat/trunk/webapps/docs/config/cookie-processor.xml
> Modified: tomcat/trunk/webapps/docs/config/cookie-processor.xml > URL: > http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/cookie-processor.xml?rev=1628366&r1=1628365&r2=1628366&view=diff > ============================================================================== > --- tomcat/trunk/webapps/docs/config/cookie-processor.xml (original) > +++ tomcat/trunk/webapps/docs/config/cookie-processor.xml Tue Sep 30 07:41:57 > 2014 > @@ -147,6 +147,17 @@ > <a href="systemprops.html">system property</a>.</p> > </attribute> > > + <attribute name="forwardSlashIsSeparator" required="false"> > + <p>If this is <code>true</code> Tomcat will treat the forward slash > + character ('<code>/</code>') as an HTTP separator when processing > cookie > + headers. If > <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> > + is set to <code>true</code>, the default of this setting will be > + <code>true</code>, else the default value will be <code>false</code>. > + This default may be overridden by setting the > + > <code>org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR</code> > + system property.</p> > + </attribute> Maybe there is a way to rephrase the above description. I think that for a casual reader "will treat the forward slash .. as an HTTP separator" does not say much useful. I mean, what "treats as HTTP separator" means here? There is another attribute, "allowHttpSepsInV0" that says more on this issue. Maybe at least add a reference to that attribute. Best regards, Konstantin Kolinko > + > <attribute name="preserveCookieHeader" required="false"> > <p>If this is <code>true</code> Tomcat will ensure that cookie > processing does not modify cookie header returned by > @@ -179,7 +190,8 @@ > cookie parser. In particular:</p> > > <ul> > - <li>The '<code>=</code>' is always permitted in a cookie value.</li> > + <li>The '<code>=</code>' and '<code>/</code>' characters are always > + permitted in a cookie value.</li> > <li>Name only cookies are always permitted.</li> > <li>The cookie header is always preserved.</li> > </ul> > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
