[New-bugs-announce] [issue28378] urllib2 does not handle cookies with `, `
Grzegorz Sikorski
report at bugs.python.org
Thu Oct 6 11:01:13 EDT 2016
New submission from Grzegorz Sikorski:
I have a usecase when the server sends two cookies in separate `Set-Cookie` headers. One of the cookie includes a `,` (comma). It seems this is not handled properly, as the library always try to fold multiple headers with the same name into a single comma-separated string. While this is valid for other header fields, `Set-Cookie` should never be folded, as RFC 6265 says:
```
Origin servers SHOULD NOT fold multiple Set-Cookie header fields into
a single header field. The usual mechanism for folding HTTP headers
fields (i.e., as defined in [RFC2616]) might change the semantics of
the Set-Cookie header field because the %x2C (",") character is used
by Set-Cookie in a way that conflicts with such folding.
```
----------
components: Library (Lib)
messages: 278196
nosy: Grzegorz Sikorski
priority: normal
severity: normal
status: open
title: urllib2 does not handle cookies with `,`
type: behavior
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28378>
_______________________________________
More information about the New-bugs-announce
mailing list