I think we should add the following to the Set a Cookie section:
1. If |name| contains U+003D (`=`), then return failure.
Otherwise, a cookie with a name containing = will be incorrectly parsed by the server, which I think is more of a bug than a feature. RFC6265bis doesn't explicitly forbid this right now (this case is only possible for cookies not constructed by parsing a cookie line), but I've opened a ticket there for this as well - https://github.com/httpwg/http-extensions/issues/1593
I think we should add the following to the
Set a Cookie
section:Otherwise, a cookie with a name containing
=
will be incorrectly parsed by the server, which I think is more of a bug than a feature. RFC6265bis doesn't explicitly forbid this right now (this case is only possible for cookies not constructed by parsing a cookie line), but I've opened a ticket there for this as well - https://github.com/httpwg/http-extensions/issues/1593