Closed Bug 1609491 Opened 5 years ago Closed 5 years ago

Stop accepting cookie name-value pairs without an equal sign

Categories

(Core :: Networking: Cookies, defect, P2)

Product:
Core
Component:
Networking: Cookies
Type:
defect

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)

References

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file, 1 obsolete file)

Bug 1609491 - Update the comment about differences with RFC2109/2616
47 bytes, text/x-phabricator-request
Details | Review

Gecko seems to be the only engine that currently accepts cookie name-value pairs without an equal sign, in violation of RFC 6265. This was added as a compatibility hack (see bug 169091) but perhaps we can remove this old hack now and become more compatible with other engines.

Blocks: wpt.fyi-firefox-fails
Priority: -- → P2
Whiteboard: [necko-triaged]
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b634b7b787d5 Stop accepting cookie name-value pairs without an equal sign; r=baku

Backed out changeset b634b7b787d5 (bug 1609491) for wpt failures at /cookies/http-state/general-tests.html

Backout: https://hg.mozilla.org/integration/autoland/rev/7054c8e08428bd6d6952890a953839625e3c0613

Failure push: https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=b634b7b787d55ebc15d59edfb6cbc3e9772563a6

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=285650843&repo=autoland&lineNumber=1631

[task 2020-01-20T16:33:23.653Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0003 - Set expired cookie along with valid cookie.
[task 2020-01-20T16:33:23.653Z] 16:33:23 INFO - TEST-UNEXPECTED-FAIL | /cookies/http-state/general-tests.html | 0004 - Set nameless cookie. - assert_equals: expected "foo" but got ""
[task 2020-01-20T16:33:23.653Z] 16:33:23 INFO - createCookieTest/</<@http://web-platform.test:8000/cookies/http-state/resources/cookie-http-state-template.js:128:20
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO -
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0013 - Use last value for cookies with identical keys.
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0014 - Keep alphabetic key order.
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0015 - Keep alphabetic single-char key order.
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0016 - Keep non-alphabetic key order.
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0017 - Keep order if comma-separated.
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0018 - Ignore keys after semicolon.
[task 2020-01-20T16:33:23.658Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0019 - Ignore attributes after semicolon.
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0020 - Ignore Set-Cookie: =.
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0021 - Set nameless cookie, given Set-Cookie: =x
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - TEST-PASS | /cookies/http-state/general-tests.html | 0022 - Set valueless cookie, given Set-Cookie: x=
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - TEST-UNEXPECTED-FAIL | /cookies/http-state/general-tests.html | 0023 - Ignore empty cookie string. - assert_equals: expected "foo" but got ""
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - createCookieTest/</<@http://web-platform.test:8000/cookies/http-state/resources/cookie-http-state-template.js:128:20
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO -
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - TEST-FAIL | /cookies/http-state/general-tests.html | 0024 - Ignore Set-Cookie: = with other Set-Cookie headers. - assert_equals: expected "foo" but got ""
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - createCookieTest/</<@http://web-platform.test:8000/cookies/http-state/resources/cookie-http-state-template.js:128:20
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - TEST-FAIL | /cookies/http-state/general-tests.html | 0025 - Ignore name- and value-less Set-Cookie: ; bar. - assert_equals: expected "foo" but got ""
[task 2020-01-20T16:33:23.659Z] 16:33:23 INFO - createCookieTest/</<@http://web-platform.test:8000/cookies/http-state/resources/cookie-http-state-template.js:128:20

Flags: needinfo?(ehsan)
Attachment #9121110 - Attachment is obsolete: true

The spec was recently changed to support nameless cookies, so this is WONTFIX now! https://github.com/httpwg/http-extensions/pull/1018

Flags: needinfo?(ehsan)
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
Pushed by eakhgari@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/4fe7a1c51fa5 Update the comment about differences with RFC2109/2616
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: