Merge pull request #80 from Lukasa/somewhat-vague

The HTTP specs aren't vague about cookies.
This commit is contained in:
Andrew Godwin 2016-03-10 10:30:08 -08:00
commit e734741fe6

View File

@ -413,11 +413,17 @@ main response, and you should check for ``http_version = 2`` before sending
them; if a protocol server or connection incapable of Server Push receives them; if a protocol server or connection incapable of Server Push receives
these, it should simply drop them. these, it should simply drop them.
The HTTP specs are somewhat vague on the subject of multiple headers; Multiple header fields with the same name are complex in HTTP. RFC 7230
RFC7230 explicitly says they must be merge-able with commas, while RFC6265 states that for any header field that can appear multiple times, it is exactly
says that ``Set-Cookie`` headers cannot be combined this way. This is why equivalent to sending that header field only once with all the values joined by
request ``headers`` is a ``dict``, and response ``headers`` is a list of commas.
tuples, which matches WSGI.
However, RFC 7230 and RFC 6265 make it clear that this rule does not apply to
the various headers used by HTTP cookies (``Cookie`` and ``Set-Cookie``). The
``Cookie`` header must only be sent once by a user-agent, but the
``Set-Cookie`` header may appear repeatedly and cannot be joined by commas.
For this reason, we can safely make the request ``headers`` a ``dict``, but
the response ``headers`` must be sent as a list of tuples, which matches WSGI.
Request Request
''''''' '''''''
@ -450,7 +456,7 @@ Keys:
* ``headers``: Dict of ``{name: value}``, where ``name`` is the lowercased * ``headers``: Dict of ``{name: value}``, where ``name`` is the lowercased
HTTP header name as unicode string and ``value`` is the header value as a byte HTTP header name as unicode string and ``value`` is the header value as a byte
string. If multiple headers with the same name are received, they should string. If multiple headers with the same name are received, they should
be concatenated into a single header as per RFC 2616. Header names containing be concatenated into a single header as per RFC 7230. Header names containing
underscores should be discarded by the server. Optional, defaults to ``{}``. underscores should be discarded by the server. Optional, defaults to ``{}``.
* ``body``: Body of the request, as a byte string. Optional, defaults to ``""``. * ``body``: Body of the request, as a byte string. Optional, defaults to ``""``.