Backport for 2.5.x #6289: Apply Netty's cookie encoder/decoder updates. #6306
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ecoder updates. This commit applies [1] to the Play's cookie encoder/decoder implementation. Netty was update cookie encoder/decoder at 2015/4/14 [2] and 2016/5/19 [1]. And Play was update cookie encoder/decoder at 2015/5/11. So, [1] is not applied to Play yet. [1] is `Drop broken DefaultCookie name validation`. Detail is discussed in issue [4] (`DefaultCookie's own name validation doesn't conform to RFC6265 playframework#4999`) . I think, current Play's DefaultCookie has the same issue. > it doesn't conform to RFC6265, eg seperators such as @ are allowed > it's redundant with the checks performed in CookieEncoder/Decoder in STRICT mode (those are RFC6265 compliant) And, RFC6265 accepts, cookie-name which starts with `$` [5] [6] ``` cookie-name = token token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT ``` However, current play implementation throws an exception at [7]. So, I think applying [1] is suitable for better RFC following. [1]: netty/netty@1d9c58b [2]: netty/netty@97d871a [3]: playframework@663dadb [4]: netty/netty#4999 [5]: https://tools.ietf.org/html/rfc6265#section-4.1.1 [6]: https://tools.ietf.org/html/rfc2616#section-2.2 [7]: https://github.com/playframework/playframework/blob/2.5.4/framework/src/play-netty-utils/src/main/java/play/core/netty/utils/DefaultCookie.java#L61-L63
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Checklist
Purpose
This PR backports #6289.
Background Context
please see #6289