Opened 11 years ago
Closed 11 years ago
#1075 closed defect (fixed)
[intarweb] Expires attribute of set-cookie-parser should use rfc1123 dates
Reported by: | RvdH | Owned by: | sjamaan |
---|---|---|---|
Priority: | major | Milestone: | someday |
Component: | unknown | Version: | 4.8.x |
Keywords: | Cc: | ||
Estimated difficulty: |
Description
A comment in header-parsers.scm
says:
;; We're using http-date-subparser for 'expires' instead of rfc850-subparser ;; (which would be the correct thing to do) because several well-known web ;; server software packages (tested: PHP and Rails) get it wrong. So we ;; will go by the robustness principle and allow any kind of HTTP date.
But according to RFC6265 (http://tools.ietf.org/html/rfc6265#section-4.1) the Expires attribute should use RFC1123 dates, not RFC850 dates.
So I think (at least) the comment is not correct.
Note: See
TracTickets for help on using
tickets.
Thanks for pointing out the mistake. I've corrected it to mention RFC1123, instead.