cookies: first n/v pair in Set-Cookie: is the cookie, then parameters

RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters. libcurl previously had a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft. The previous logic read all n/v pairs from left-to-right and the first name used that wassn't a known parameter name would be used as the cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be a cookie named 'person' while an RFC 6265 compliant parser should consider that to be a cookie named 'Max-Age' with an (unknown) parameter 'person'. Fixes #709
author: Daniel Stenberg <daniel@haxx.se> 2016-03-10 11:20:56 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2016-03-10 11:26:12 +0100
commit: 7f7fcd0d756416b0a146b6f34a899e59456b2c17 (patch)
tree: 2bff1f9a5d478722dfc7caca1ed0260378482a3b /tests/data/test1218
parent: 4d4ce84bb3eccbf9c249f1a43fa79fb9ba14a29b (diff)
download: curl-7f7fcd0d756416b0a146b6f34a899e59456b2c17.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/data/test1218 b/tests/data/test1218
index ee18cb528..9c2fc0389 100644
--- a/tests/data/test1218
+++ b/tests/data/test1218
@@ -14,7 +14,7 @@ cookies
 <data>
 HTTP/1.1 200 OK
 Date: Tue, 25 Sep 2001 19:37:44 GMT
-Set-Cookie: domain=.example.fake; bug=fixed;
+Set-Cookie: bug=fixed; domain=.example.fake;
 Content-Length: 21
 
 This server says moo
author	Daniel Stenberg <daniel@haxx.se>	2016-03-10 11:20:56 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2016-03-10 11:26:12 +0100
commit	7f7fcd0d756416b0a146b6f34a899e59456b2c17 (patch)
tree	2bff1f9a5d478722dfc7caca1ed0260378482a3b /tests/data/test1218
parent	4d4ce84bb3eccbf9c249f1a43fa79fb9ba14a29b (diff)
download	curl-7f7fcd0d756416b0a146b6f34a899e59456b2c17.tar.gz