You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/oas.md
+28-19Lines changed: 28 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3092,14 +3092,14 @@ For HTTP messages, this is purely a serialization concern, and no more of a prob
3092
3092
3093
3093
However, because examples and values modeled with `content` do not incorporate the header name, for these fields `Set-Cookie` MUST be handled by placing each value on a separate line, without the header name or the `:` delimiter.
3094
3094
3095
-
The following example shows two different ways to describe `Set-Cookie` headers that require cookies named `"lang"` and `"foo"`. The first uses `content` to preserve the necessary whitespace in the `"Expires"` cookie attribute, while the second shows the use of `style: "simple"` and forbids whitespace to ensure that values work with this serialization approach:
3095
+
Note also that any URI percent-encoding, base64 encoding, or other escaping MUST be performed prior to supplying the data to OAS tooling; see [Appendix D](appendix-d-serializing-headers-and-cookies) for details.
3096
+
3097
+
The following example shows two different ways to describe `Set-Cookie` headers that require cookies named `"lang"` and `"foo"`, as well as a `"urlSafeData"` cookie that is expected to be percent-encoded. The first uses `content` in order to show exactly how such examples are formatted, but also notes the limitations of schema constraints with multi-line text. The second shows the use of `style: "simple"`, which produces the same serialized example text (with each line corresponding to one `Set-Cookie:` line in the HTTP response), but allows schema constraints on each cookie; note that the percent-encoding is already applied in the `dataValue` field of the example:
3096
3098
3097
3099
```yaml
3098
3100
components:
3099
3101
headers:
3100
-
SetCookieWithExpires:
3101
-
# Spaces within the Expires values prevent the use of `schema` and
3102
-
# `style` as they would be percent-encoded, even with `allowReserved`.
3102
+
SetCookieWithContent:
3103
3103
content:
3104
3104
text/plain:
3105
3105
schema:
@@ -3111,46 +3111,55 @@ components:
3111
3111
# This demonstrates that the text is required to be provided
3112
3112
# in the final format, and is not changed by serialization.
3113
3113
# In practice, it is not necessary to show both value fields.
3114
+
# Note that only the comma (%2C) would need to be percent-encoded
3115
+
# if percent-encoding were only being done to make the value
3116
+
# a valid cookie, as space (%20) and the exclamation point (%21)
3117
+
# are allowed in cookies, but not in URLs. See the cookie
3118
+
# input parameter examples for an example of encoding only
3119
+
# what is needed for the cookie syntax.
3114
3120
dataValue: |
3115
3121
lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT
3116
3122
foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT
3123
+
urlSafeData: Hello%2C%20world%21
3117
3124
serializedValue: |
3118
3125
lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT
3119
3126
foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT
3120
-
SetCookieWithNoSpaces:
3127
+
urlSafeData: Hello%2C%20world%21
3128
+
SetCookieWithSchemaAndStyle:
3121
3129
schema:
3122
3130
type: object
3123
3131
required:
3124
3132
- lang
3125
3133
- foo
3134
+
- urlSafeData
3135
+
properties:
3136
+
urlSafeData:
3137
+
type: string
3138
+
pattern: ^[-_.%a-zA-Z0-9]+(;|$)
3126
3139
additionalProperties:
3127
-
type: string
3128
-
pattern: "^[^[:space:]]*$"
3140
+
$comment: Require an Expires parameter
3141
+
pattern: "; *Expires="
3129
3142
style: simple
3130
3143
explode: true
3131
3144
examples:
3132
3145
SetCookies:
3133
3146
dataValue: {
3134
-
"lang": "en-US",
3135
-
"foo": "bar"
3147
+
"lang": "en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT"
3148
+
"foo": "bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT"
3149
+
"urlSafeData": "Hello%2C%20world%21"
3136
3150
}
3137
3151
serializedValue: |
3138
-
lang=en-US
3139
-
foo=bar
3152
+
lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GMT
3153
+
foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT
3154
+
urlSafeData: Hello%2C%20world%21
3140
3155
```
3141
3156
3142
-
In an HTTP message, the serialized example with Expires would look like:
3157
+
In an HTTP message, the serialized example would look like:
3143
3158
3144
3159
```http
3145
3160
Set-Cookie: lang=en-US; Expires=Wed, 09 Jun 2021 10:18:14 GM
3146
3161
Set-Cookie: foo=bar; Expires=Wed, 09 Jun 2021 10:18:14 GMT
0 commit comments