Summary: | Ensure cookies that contain control characters are handled according the the spec | ||
---|---|---|---|
Product: | WebKit | Reporter: | Andrew Williams <awillia> |
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED MOVED | ||
Severity: | Normal | CC: | achristensen, beidson, bfulgham, webkit-bug-importer, wilander |
Priority: | P2 | Keywords: | InRadar |
Version: | Safari 14 | ||
Hardware: | Unspecified | ||
OS: | Unspecified |
Description
Andrew Williams
2021-08-13 11:12:09 PDT
Thanks for filing! Cookies are for the most part not implemented or handled by WebKit but by the HTTP framework used underneath, such as CFNetwork, libcurl, and libsoup. I will open an issue with CFNetwork for Apple's platforms. Andrew, can you please link to the change you are referring to? Thanks! Ah, my apologies. Thank you so much for opening the CFNetwork issue for this, though! The PRs that implement this specific RFC change are linked to at the bottom of the RFC document: https://github.com/httpwg/http-extensions/blob/main/draft-ietf-httpbis-rfc6265bis.md#draft-ietf-httpbis-rfc6265bis-09 One thing you'll notice at the link above is that size limits on the cookie name + value and also on the attribute value were added recently... I'm not sure whether an issue was opened with Apple for that change - do you think it'd be worth opening one for that as well? Thanks again! The fix for this bug needed to be made outside of WebKit software. Consequently, marking this as "RESOLVED | MOVED". We believe this is fixed in: iOS 16.0 Beta 1 (and newer) macOS Ventura Beta 1 (and newer). |