search

cloudflare / lua-resty-cookie

Lua library for HTTP cookie manipulations for OpenResty/ngx_lua
347 stars 160 forks source link

Update cookie.lua #45

Closed wangxiaochuang closed 2 years ago

wangxiaochuang commented 3 years ago

fix the cookie string parse err problem when cookie value contains a space

wangxiaochuang commented 3 years ago

support cookie value with space

jdesgats commented 2 years ago

Thank you for your contribution, however, the RFC-6265 states that space is not a valid character in a cookie value: https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1

 cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash

The current implementation is right to refuse such cookies.