ska2342
commented
4 years ago Tests run through, but I think there are no tests for the cookie spec. I don't feel confident enough to write one myself.
Open ska2342 opened 4 years ago
ska2342
commented
4 years ago Tests run through, but I think there are no tests for the cookie spec. I don't feel confident enough to write one myself.
rymndhng
commented
4 years ago Based on what I've read from the upstream documentation, I think this would apply to the minor version 4.6.x. As far as I can see, there are no plans in the upstream project to release 4.6.x.
For versions 3.x, I think it's best to retain the existing behaviour to match up.
However, if/when 4.x version is released, the default cookie behaviour should be adjusted to match the upstream default.
Reasoning
The Apache HTTP Client documentation has this to say about the DEFAULT cookie spec:
"This policy will be deprecated in favor of the standard (RFC 6265 compliant) implementation in the next minor release of HttpClient." (https://hc.apache.org/httpcomponents-client-ga/tutorial/html/statemgmt.html)
The same document then states: "It is strongly recommended to use either Standard or Standard strict policy in new applications."
This change makes CookieSpecs/STANDARD the default for the get-cookie-policy multimethod.