cURL / Mailing Lists / curl-library / Single Mail


Re: Bug 3349227

From: Daniel Stenberg <>
Date: Mon, 4 Jul 2011 22:11:40 +0200 (CEST)

On Sun, 3 Jul 2011, Rob Ward wrote:

> I've recently started learning the internals of how Curl works and in doing
> so decided to have a go at fixing a bug(3349227) where curl does not
> understand the secure= attribute in cookies. I have attached a set of
> proposed patches that include the fix and an update to test 31 that verifies
> the fix. This implementation is based on my limited understanding of how the
> cookies code(and the internals of curl) works so I would suggest it be
> checked in case I have missed a simpler solution.

Hi Rob, thanks for your contribution and desire to help!

  Since the cookie RFC allows 'secure=' instead of 'secure', it also allows
'httponly=' instead of 'httponly' so I think we should adapt for that version
too while we're at it, and add that to the test case. Oh, and perhaps we
should also add a test case or two for when the cookie name is actually
'secure' or 'httponly' as in 'secure=yes' since then it isn't the same as when

List admin:
Received on 2011-07-04