[Web-SIG] Move to bless Graham's WSGI 1.1 as official spec
Manlio Perillo
manlio_perillo at libero.it
Thu Dec 3 19:52:14 CET 2009
And Clover ha scritto:
> [...]
>> Cookie data SHOULD be transparent to the server/gateway; however WSGI is
>> going to assume that data is encoded in latin-1.
>
> Yeah. This is no big deal because non-ASCII characters in cookies are
> already broken everywhere(*). Given this and other limitations on what
> characters can go in cookies, they are habitually encoded using ad-hoc
> mechanisms handled by the application (typically a round of URL-encoding).
>
> *: in particular:
>
> - Opera and Chrome send non-ASCII cookie characters in UTF-8.
> - IE encodes using the system codepage (which can never be UTF-8),
> mangling any characters that don't fit in the codepage through the
> traditional Windows 'similar replacement character' scheme.
> - Mozilla uses the low byte of each UTF-16 code point (so ISO-8859-1
> gets through but everything else is mangled)
> - Safari refuses to send any cookie containing non-ASCII characters.
>
Thanks for this summary.
I think it should go in a wiki or in a separate document (like
rationale) to the WSGI spec.
However this should never happen with cookie, since cookie data is
opaque to browser, and it MUST send it "as is".
What you describe happen with other headers containing TEXT.
And now I understand that strange behaviour of Firefox with non latin-1
strings in username, in HTTP Basic Authentication.
> [...]
Regards Manlio
More information about the Web-SIG
mailing list