Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie parameter "domain" might be wrongly encoded (for non-ASCII-only domains) #1033

Open
d-maurer opened this issue Apr 15, 2022 · 0 comments
Open

Cookie parameter "domain" might be wrongly encoded (for non-ASCII-only domains) #1033

d-maurer opened this issue Apr 15, 2022 · 0 comments
Labels
question

Comments

@d-maurer
Copy link
Contributor

HTTP specifies "ISO-8859-1" as charset to be used in its headers; however, recently non-ASCII characters are deprecated altogether. This poses the question how to encode non-ASCII material in those headers.

There are many competing standards to encode non-ASCII as ASCII, even in the context of HTTP. Often, the relevant specifications do not answer the question which encoding should be used.

Originally, domain names have been ASCII-only; but then international domain names have been allowed together with the IDNA standard which specifies how international domain names can be ASCII encoded. Implementing the cookie enhancement, I chose this encoding for the domain parameter. This choice might have been wrong.
Working on #1027, I recognized that modern browsers might instead expect the usual UTF-8 than URL-quote encoding (which is significantly simpler than IDNA) also for the domain cookie parameter.

I have no means to determine which is the "correct" (i.e. supported by modern browser) encoding.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@d-maurer