From 78e6e1f27ec8b0e969b914ccb9f32373c6e2a5d2 Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Mon, 4 Oct 2021 17:32:51 -0400 Subject: [PATCH 1/3] Issue #1332 - Specify empty domain attribute handling. --- draft-ietf-httpbis-rfc6265bis.md | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index 379ab27d2..c7981fff1 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -1250,21 +1250,24 @@ user agent MUST process the cookie-av as follows. If the attribute-name case-insensitively matches the string "Domain", the user agent MUST process the cookie-av as follows. -1. If the attribute-value is empty, the behavior is undefined. However, the - user agent SHOULD ignore the cookie-av entirely. +1. If the attribute-value is empty: -2. If the first character of the attribute-value string is %x2E ("."): + 1. Let cookie-domain be the canonicalized request-host. - 1. Let cookie-domain be the attribute-value without the leading %x2E + Otherwise: + + 2. If the first character of the attribute-value string is %x2E ("."): + + 1. Let cookie-domain be the attribute-value without the leading %x2E (".") character. - Otherwise: + Otherwise: - 1. Let cookie-domain be the entire attribute-value. + 2. Let cookie-domain be the entire attribute-value. -3. Convert the cookie-domain to lower case. +2. Convert the cookie-domain to lower case. -4. Append an attribute to the cookie-attribute-list with an attribute-name +3. Append an attribute to the cookie-attribute-list with an attribute-name of Domain and an attribute-value of cookie-domain. ### The Path Attribute From be9189855aa689b16dbd0962b0d9c6429cd90baa Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Tue, 5 Oct 2021 19:22:25 -0400 Subject: [PATCH 2/3] Issue #1332 - Address review feedback --- draft-ietf-httpbis-rfc6265bis.md | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index c7981fff1..7b1568708 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -1250,24 +1250,14 @@ user agent MUST process the cookie-av as follows. If the attribute-name case-insensitively matches the string "Domain", the user agent MUST process the cookie-av as follows. -1. If the attribute-value is empty: +1. Let cookie-domain be the attribute-value. - 1. Let cookie-domain be the canonicalized request-host. +2. If cookie-domain starts with %x2E ("."), let cookie-domain be cookie-domain + without its leading %x2E ("."). - Otherwise: - - 2. If the first character of the attribute-value string is %x2E ("."): - - 1. Let cookie-domain be the attribute-value without the leading %x2E - (".") character. - - Otherwise: - - 2. Let cookie-domain be the entire attribute-value. - -2. Convert the cookie-domain to lower case. +3. Convert the cookie-domain to lower case. -3. Append an attribute to the cookie-attribute-list with an attribute-name +4. Append an attribute to the cookie-attribute-list with an attribute-name of Domain and an attribute-value of cookie-domain. ### The Path Attribute From 85c6aefb8236e0cf62957d60354a8c7d5ac9e53a Mon Sep 17 00:00:00 2001 From: Mike Taylor Date: Wed, 6 Oct 2021 18:18:22 -0400 Subject: [PATCH 3/3] Issue #1332 - Changelog update --- draft-ietf-httpbis-rfc6265bis.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md index 7b1568708..3699ece3a 100644 --- a/draft-ietf-httpbis-rfc6265bis.md +++ b/draft-ietf-httpbis-rfc6265bis.md @@ -2417,6 +2417,9 @@ The "Cookie Attribute Registry" should be created with the registrations below: * No longer treat horizontal tab as a control character: +* Specify empty domain attribute handling: + + # Acknowledgements {:numbered="false"} RFC 6265 was written by Adam Barth. This document is an update of RFC 6265,