SecurityWrapperRequest.getHeaderValues - cookie handling

fusioncop / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

Other

0 stars 0 forks source link

SecurityWrapperRequest.getHeaderValues - cookie handling #245

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

As per the discussion on the mailing list, 
SecurityWrapperRequest.getHeaderValues is applying the HTTPHeaderValue 
validator to the cookie headers and restricting the length to 150 chars.

Chris suggested that this method should ignore cookies along with 
SecurityWrapperResponse too.

Original issue reported on code.google.com by luke.bid...@gmail.com on 31 Aug 2011 at 9:06