From 5b46cb4cfe7aaabe8c97dd1fbccc42bce21a82a6 Mon Sep 17 00:00:00 2001
From: Jeff Pinner <jpinner@twitter.com>
Date: Wed, 9 Nov 2011 09:51:26 -0800
Subject: [PATCH] ignore HttpOnly as a cookie name instead of throwing
 exception

---
 .../handler/codec/http/CookieDecoder.java     | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/jboss/netty/handler/codec/http/CookieDecoder.java b/src/main/java/org/jboss/netty/handler/codec/http/CookieDecoder.java
index 9fb28fe1ba..e2b4ee0bf2 100644
--- a/src/main/java/org/jboss/netty/handler/codec/http/CookieDecoder.java
+++ b/src/main/java/org/jboss/netty/handler/codec/http/CookieDecoder.java
@@ -50,11 +50,22 @@ public class CookieDecoder {
 
     private final static String COMMA = ",";
 
+    private final boolean lenient;
+
     /**
-     * Creates a new decoder.
+     * Creates a new decoder with strict parsing.
      */
     public CookieDecoder() {
-        super();
+        this(false);
+    }
+
+    /**
+     * Creates a new decoder.
+     *
+     * @param lenient ignores cookies with the name 'HTTPOnly' instead of throwing an exception
+     */
+    public CookieDecoder(boolean lenient) {
+        this.lenient = lenient;
     }
 
     /**
@@ -95,6 +106,11 @@ public class CookieDecoder {
         Set<Cookie> cookies = new TreeSet<Cookie>();
         for (; i < names.size(); i ++) {
             String name = names.get(i);
+            // Not all user agents understand the HttpOnly attribute
+            if (lenient && CookieHeaderNames.HTTPONLY.equalsIgnoreCase(name)) {
+                continue;
+            }
+
             String value = values.get(i);
             if (value == null) {
                 value = "";