Bug#553169: iceweasel sends malformed Cookie: headers (e.g. for google-analytics)
mh at glandium.org
Mon Dec 28 10:54:11 UTC 2009
On Mon, Dec 28, 2009 at 11:32:52AM +0100, Marc Lehmann wrote:
> On Mon, Dec 28, 2009 at 11:09:23AM +0100, Mike Hommey <mh at glandium.org> wrote:
> > > So evidence at the moment clearly points to the *existing* situation
> > > breaking stuff, with no evidence to the fix breaking stuff.
> > Have you tried to send escaped cookies to the google servers ?
> After I pointed out in my previous mail that google *servers* are not
> even involved in the bug or the example given, could you explain the
> significance of this question first? It seems to me that there is some
> deep misunderstanding and confusion regarding *servers* vs. *cookies*.
> Besides, I doubt that google servers would be unable to accept properly
> formatted cookies sent by other browsers, but you never know, of course.
> In any case, the bugreport is pretty clear, the bug is pretty obvious, and
> if there is anything in the report is unclear I will happily clarify it.
Let me make things clear: if we ever change the way the Cookies are sent
to the servers, this will matter to those servers that do set cookies
with unquoted =. And google servers are such servers. So if escaping cookies
is going to break interaction with google servers, it's definitely a stopper.
More information about the pkg-mozilla-maintainers