Opened 7 years ago

Closed 7 years ago

#1075 closed defect (fixed)

[intarweb] Expires attribute of set-cookie-parser should use rfc1123 dates

Reported by: RvdH Owned by: sjamaan
Priority: major Milestone: someday
Component: unknown Version: 4.8.x
Keywords: Cc:
Estimated difficulty:

Description

A comment in header-parsers.scm says:

;; We're using http-date-subparser for 'expires' instead of rfc850-subparser
;; (which would be the correct thing to do) because several well-known web
;; server software packages (tested: PHP and Rails) get it wrong.  So we
;; will go by the robustness principle and allow any kind of HTTP date.

But according to RFC6265 (http://tools.ietf.org/html/rfc6265#section-4.1) the Expires attribute should use RFC1123 dates, not RFC850 dates.

So I think (at least) the comment is not correct.

Change History (1)

comment:1 Changed 7 years ago by sjamaan

Resolution: fixed
Status: newclosed

Thanks for pointing out the mistake. I've corrected it to mention RFC1123, instead.

Note: See TracTickets for help on using tickets.