Changes between Initial Version and Version 1 of Ticket #19922, comment 9
- Timestamp:
- 02/12/2012 11:26:16 PM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #19922, comment 9
initial v1 3 3 Things which currently break in the typical situation where the server sets cookies with the Set-Cookie header: 4 4 5 * if a server sets a cookie like "1234:/ /", the urldecode will leave that alone, and the encode will mess with the colons and slashes, so you'll end up sending the server something different from what it gave you. (This one also breaks when you build the cookie by hand with data from another source, which is what happens in the LJ API case).5 * if a server sets a cookie like "1234:/", the urldecode will leave that alone, and the encode will mess with the colons and slashes, so you'll end up sending the server something different from what it gave you. (This one also breaks when you build the cookie by hand with data from another source, which is what happens in the LJ API case). 6 6 7 7 * if a server sets a cookie like "%41", the urldecode will turn that into "A", and the encode will leave it alone, again meaning you send the server something other than what it gave you.