Merge pull request #2857 from markt-asf/fix-issue-2848

Restore cookie-name = token
httpwg · Aug 13, 2024 · 33dbb91 · 33dbb91
2 parents 8dec5fc + c1caae0
commit 33dbb91
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/draft-ietf-httpbis-rfc6265bis.md b/draft-ietf-httpbis-rfc6265bis.md
@@ -564,12 +564,13 @@ grammar:
 set-cookie        = set-cookie-string
 set-cookie-string = BWS cookie-pair *( BWS ";" OWS cookie-av )
 cookie-pair       = cookie-name BWS "=" BWS cookie-value
-cookie-name       = 1*cookie-octet
+cookie-name       = token
 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
-                      ; whitespace DQUOTE, comma, semicolon,
+                      ; whitespace, DQUOTE, comma, semicolon,
                       ; and backslash
+token             = <token, defined in [RFC7230], Section 3.2.6>
 
 cookie-av         = expires-av / max-age-av / domain-av /
                     path-av / secure-av / httponly-av /
@@ -1289,13 +1290,14 @@ the user agent MUST parse the field-value of the Set-Cookie header field as a
 set-cookie-string (defined below).
 
 NOTE: The algorithm below is more permissive than the grammar in {{sane-set-cookie}}.
-For example, the algorithm strips leading and trailing whitespace from the
-cookie name and value (but maintains internal whitespace), whereas the grammar
-in {{sane-set-cookie}} forbids whitespace in these positions. In addition, the
-algorithm below accommodates some characters that are not cookie-octets
-according to the grammar in {{sane-set-cookie}}. User agents use this algorithm
-so as to interoperate with servers that do not follow the recommendations in
-{{sane-profile}}.
+For example, the algorithm allows cookie-name to be comprised of cookie-octets
+instead of being a token as specified in {{sane-set-cookie}} and the algorithm
+accommodates some characters that are not cookie-octets according to the
+grammar in {{sane-set-cookie}}. In addition, the algorithm below also strips
+leading and trailing whitespace from the cookie name and value (but maintains
+internal whitespace), whereas the grammar in {{sane-set-cookie}} forbids
+whitespace in these positions. User agents use this algorithm so as to
+interoperate with servers that do not follow the recommendations in {{sane-profile}}.
 
 NOTE: As set-cookie-string may originate from a non-HTTP API, it is not
 guaranteed to be free of CTL characters, so this algorithm handles them