RFC Errata



Found 6 records.

Status: Verified (2)

RFC 6265, "HTTP State Management Mechanism", April 2011

Source of RFC: httpstate (app)

Errata ID: 3444
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Eran Hammer
Date Reported: 2013-01-06
Verifier Name: Pete Resnick
Date Verified: 2013-02-18

Section 4.1.1 says:

path-value        = <any CHAR except CTLs or ";">
extension-av      = <any CHAR except CTLs or ";">

It should say:

path-value        = * <any CHAR except CTLs or ";">
extension-av      = * <any CHAR except CTLs or ";">

Notes:

A better correction could also be:

path-value = *av-octet
extension-av = *av-octet
av-octet = %x20-3A / %x3C-7E
; any CHAR except CTLs or ";"

Errata ID: 4148
Status: Verified
Type: Technical
Publication Format(s) : TEXT

Reported By: Zhong Yu
Date Reported: 2014-10-28
Verifier Name: Barry Leiba
Date Verified: 2014-10-30

Section 5.1.1 says:

   day-of-month    = 1*2DIGIT ( non-digit *OCTET )
...
   year            = 2*4DIGIT ( non-digit *OCTET )
   time            = hms-time ( non-digit *OCTET )

It should say:

   day-of-month    = 1*2DIGIT [ non-digit *OCTET ]
...
   year            = 2*4DIGIT [ non-digit *OCTET ]
   time            = hms-time [ non-digit *OCTET ]

Notes:

The trailing extra chars for these fields should be *optional*, not *required*.

Status: Reported (4)

RFC 6265, "HTTP State Management Mechanism", April 2011

Source of RFC: httpstate (app)

Errata ID: 6719
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Philip Gladstone
Date Reported: 2021-10-22

Section 4.1.1 says:

max-age-av        = "Max-Age=" non-zero-digit *DIGIT

It should say:

max-age-av           = "Max-Age=" non-negative-integer
non-negative-integer = zero-digit / (non-zero-digit *DIGIT)
zero-digit           = %x30

Notes:

In section 5.2.2, there is the following text on the value of the max-age:

> Let delta-seconds be the attribute-value converted to an integer.
>
> If delta-seconds is less than or equal to zero (0), let expiry-time
> be the earliest representable date and time.

If max-age is an integer greater than 0, then the entire sentence is meaningless. It is a common practice to use max-age=0 to expire a cookie immediately. I think that the ABNF is incorrect. However, I don't see any reason to permit negative values.
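The mismatch this report describes, as an added example (not part of the erratum or of RFC 6265): the two patterns transcribe the published and the proposed value grammar for `max-age-av`, and `expiry_from_max_age` follows the Section 5.2.2 user-agent steps. All function names and the `EARLIEST`/`LATEST` stand-ins are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

# Value part of max-age-av as published in Section 4.1.1.
ORIGINAL = re.compile(r"[1-9][0-9]*")
# Value part proposed in erratum 6719: zero-digit / (non-zero-digit *DIGIT).
PROPOSED = re.compile(r"0|[1-9][0-9]*")

DIGITS = "0123456789"
# Stand-ins for the earliest/latest representable time (assumption of this sketch).
EARLIEST = datetime.min.replace(tzinfo=timezone.utc)
LATEST = datetime.max.replace(tzinfo=timezone.utc)


def server_may_send(value, grammar):
    """True if a conforming server may emit Max-Age=<value> under this grammar."""
    return grammar.fullmatch(value) is not None


def expiry_from_max_age(value, now):
    """User-agent side (Section 5.2.2). Returns None when the attribute is ignored."""
    if not value or value[0] not in DIGITS + "-":
        return None          # first character is neither a DIGIT nor "-"
    if any(c not in DIGITS for c in value[1:]):
        return None          # remainder contains a non-DIGIT character
    if value == "-":
        return None          # no integer to convert; ignoring it is this sketch's choice
    delta = int(value)
    if delta <= 0:
        return EARLIEST      # the branch that Max-Age=0 relies on
    try:
        return now + timedelta(seconds=delta)
    except OverflowError:
        return LATEST        # clamp values too large to represent


def compare(values, now):
    """Rows of (value, allowed by original ABNF, allowed by proposed ABNF, UA outcome)."""
    rows = []
    for v in values:
        exp = expiry_from_max_age(v, now)
        outcome = "ignored" if exp is None else "expire now" if exp == EARLIEST else "keep"
        rows.append((v, server_may_send(v, ORIGINAL), server_may_send(v, PROPOSED), outcome))
    return rows


if __name__ == "__main__":
    for row in compare(["0", "3600", "-1", "007", "1h"], datetime.now(timezone.utc)):
        print(row)
```

The `"0"` row is the case the report is about: the user-agent algorithm expires the cookie, yet the published server grammar does not allow the value to be sent.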

Errata ID: 7604
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Ted Zhu
Date Reported: 2023-08-15

Section 3. Overview says:

User agents MAY ignore Set-Cookie headers contained in
responses with 100-level status codes but MUST process Set-Cookie
headers contained in other responses (including responses with 400-
and 500-level status codes).

It should say:

Cookie-enabled user agents MAY ignore Set-Cookie headers contained in
responses with 100-level status codes but MUST process Set-Cookie
headers contained in other responses (including responses with 400-
and 500-level status codes).

Notes:

The concern is that the sentence in its original form may be read to mean that all conforming user agents MUST process Set-Cookie headers contained in non-100-level responses, when differing behavior is allowed as described in sections 5.2 and 7.2:

Section 5.2, paragraph 1: "When a user agent receives a Set-Cookie header field in an HTTP response, the user agent MAY ignore the Set-Cookie header field in its entirety."

Section 7.2, paragraph 2: "When cookies are disabled, ... the user agent MUST NOT process Set-Cookie headers in inbound HTTP responses."

The suggested correction is one possible way to alleviate this erratum concern. However, the erratum author does not know if this is the most optimal disambiguation method.

Errata ID: 5518
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Peter Wu
Date Reported: 2018-10-09

Section 4.1.1 says:

 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace DQUOTE, comma, semicolon,
                       ; and backslash

It should say:

 cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                       ; US-ASCII characters excluding CTLs,
                       ; whitespace, DQUOTE, comma, semicolon,
                       ; and backslash

Notes:

Missing comma separator between "whitespace" and "DQUOTE".

Errata ID: 6093
Status: Reported
Type: Editorial
Publication Format(s) : TEXT

Reported By: Attila Gulyas
Date Reported: 2020-04-12

Section 3 says:

Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field.  The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.


It should say:

Origin servers SHOULD NOT combine multiple Set-Cookie header fields into a single header field.  The usual mechanism for combining HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such actions.

Notes:

RFC 6265 currently uses the verb "folding" when it refers to combining multiple header fields into one, which is ambiguous in the context of the HTTP/1 specs (both by RFC 2616 and RFC 7230) where "folding" consistently refers to line folding, and the verb "combine" is used to describe merging same headers. Having a light HTTP knowledge, I naively started looking up "folding" in the HTTP specs, and was immediately confused by the results, others will probably be as well (especially if English is not their native tongue).

Examples to prove this consistency:
+ RFC 2616, Section 4.2, Message Headers, but searching for the word "combine" will bring up special cases.
+ RFC 7230, Section 3.2.2, Field Order
+ RFC 2616, Section 2.2, Basic Rules
+ RFC 7230, Section 3.2.4, Field Parsing

Thank you!
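Why the %x2C character matters for the Section 3 text in erratum 6093, as an added example (not part of the erratum or of RFC 6265): two constructed Set-Cookie values are combined with a comma the way generic header fields are, then read back both ways a recipient might try. `parse_set_cookie` is a minimal sketch of the Section 5.2 split, and all names and sample values here are assumptions.

```python
# Constructed sample Set-Cookie field values; the Expires date contains a comma.
FIELDS = [
    "sid=abc123; Expires=Wed, 09 Jun 2021 10:18:14 GMT; Secure; HttpOnly",
    "lang=en; Path=/",
]


def parse_set_cookie(s):
    """Minimal Section 5.2 split: (name, value, attrs), or None if the string is ignored."""
    pair, _, rest = s.partition(";")
    if "=" not in pair:
        return None                      # no "=" in the name-value-pair: ignore entirely
    name, _, value = pair.partition("=")
    name, value = name.strip(), value.strip()
    if not name:
        return None
    attrs = {}
    for av in rest.split(";"):
        key, _, val = av.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def combine(fields):
    """Generic combining of same-named header fields: values joined by a comma."""
    return ", ".join(fields)


def split_on_comma(combined):
    """What a generic recipient does to undo the combining."""
    return [part.strip() for part in combined.split(",")]


def cookies_seen(field_values):
    """Cookies a user agent would store from these field values."""
    return [c for c in map(parse_set_cookie, field_values) if c is not None]


if __name__ == "__main__":
    print("separate fields :", cookies_seen(FIELDS))
    print("split on comma  :", cookies_seen(split_on_comma(combine(FIELDS))))
    print("parsed as one   :", cookies_seen([combine(FIELDS)]))
```

With this input, splitting on the comma cuts the Expires date in two, so `sid` is stored without Secure and HttpOnly; parsing the combined value as one string drops the `lang` cookie and turns `HttpOnly` into an unrecognised attribute name.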
