vidyuthd / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
0 stars 0 forks source link

SecurityWrapperRequest.getHeaderValues - cookie handling #245

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
As per the discussion on the mailing list, 
SecurityWrapperRequest.getHeaderValues is applying the HTTPHeaderValue 
validator to the cookie headers and restricting the length to 150 chars.

Chris suggested that this method should ignore cookies along with 
SecurityWrapperResponse too.

Original issue reported on code.google.com by luke.biddell on 31 Aug 2011 at 9:06