This is before the cookie parsing. This is HTTP. RFC9110: https://www.rfc-editor.org/rfc/rfc9110#name-field-values ``` Field values containing CR, LF, or NUL characters are invalid and dangerous, due to the varying ways that implementations might parse and interpret those characters; a recipient of CR, LF, or NUL within a field value MUST either reject the message or replace each of those characters with SP before further processing or forwarding of that message ``` After a correct header parsing, if the input was: `Set-Cookie: a\nb=c\r\n`, the `CookieParser` receives `a b=c`. The final cookie will have name `a b` and value `c`.
Bug 1920444 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This is before the cookie parsing. This is HTTP. RFC9110: https://www.rfc-editor.org/rfc/rfc9110#name-field-values "Field values containing CR, LF, or NUL characters are invalid and dangerous, due to the varying ways that implementations might parse and interpret those characters; a recipient of CR, LF, or NUL within a field value MUST either reject the message or replace each of those characters with SP before further processing or forwarding of that message" After a correct header parsing, if the input was: `Set-Cookie: a\nb=c\r\n`, the `CookieParser` receives `a b=c`. The final cookie will have name `a b` and value `c`.