Hi,
While upgrading to Netty 4.1.5, I noticed the following behaviour with cookie decoding:
STRICT cookie decoder silently ignores all incorrect cookies: For example
@Test
public void testCookieDecoder() throws Exception {
// Invalid cookie name as it contains a delimiter ',' character:
Set<Cookie> cookies = ServerCookieDecoder.STRICT.decode("HttpOnly,hparg=foo;\n");
System.out.println("Decoded: " + cookies);
}
This will print:
"Decoded: []"
Now the caller remains completely clueless that there in fact was an invalid cookie present. This doesn't throw any exceptions due to illegal cookie names. I assume this is by design?
If so it would be useful to have a version of .decode() that could be used for validation purposes. One that would throw an exception when faced with invalid cookie names etc. What do you think?
Many thanks,
Mikko