cURL / Mailing Lists / curl-library / Single Mail


Re: Bug 3349227

From: Rob Ward <>
Date: Mon, 4 Jul 2011 21:37:35 +0100

On 4 July 2011 21:11, Daniel Stenberg <> wrote:

> On Sun, 3 Jul 2011, Rob Ward wrote:
> I've recently started learning the internals of how Curl works and in
>> doing so decided to have a go at fixing a bug(3349227) where curl does not
>> understand the secure= attribute in cookies. I have attached a set of
>> proposed patches that include the fix and an update to test 31 that verifies
>> the fix. This implementation is based on my limited understanding of how the
>> cookies code(and the internals of curl) works so I would suggest it be
>> checked in case I have missed a simpler solution.
> Hi Rob, thanks for your contribution and desire to help!
> Since the cookie RFC allows 'secure=' instead of 'secure', it also allows
> 'httponly=' instead of 'httponly' so I think we should adapt for that
> version too while we're at it, and add that to the test case. Oh, and
> perhaps we should also add a test case or two for when the cookie name is
> actually 'secure' or 'httponly' as in 'secure=yes' since then it isn't the
> same as when 'secure='.
> --
> /
> ------------------------------**------------------------------**-------
> List admin:**listinfo/curl-library<>
> Etiquette:**etiquette.html<>

That's fine, I can look at making them changes over the next few days. I've
listed the proposed test cases below based off of the tests I already have
and the ones you have proposed, do they look sensible? Can anyone think of
any other tests that could/should be added?

Rob Ward

Set-Cookie: sec1value=secure1 ; domain=; path=/secure1/ ; secure
Set-Cookie: sec2value=secure2 ; domain=; path=/secure2/ ; secure=
Set-Cookie: sec3value=secure3 ; domain=; path=/secure/ ; secure=
Set-Cookie: sec4value=secure4 ; secure=; domain=; path=/secure2/;
Set-Cookie: secure=very1 ; secure=; domain=; path=/secure2/;
Set-Cookie: secure=very2 ; secure; domain=; path=/secure2/;
Set-Cookie: secure=very3 ; domain=; path=/secure2/; secure
Set-Cookie: secure=very4 ; domain=; path=/secure2/; secure=

Set-Cookie: name1=value1 ; domain=; path=/p1/; httponly
Set-Cookie: name2=value2 ; domain=; path=/p2/; httponly=
Set-Cookie: name3=value3 ; httponly; domain=; path=/p3/;
Set-Cookie: name4=value4 ; httponly=; domain=; path=/p4/;
Set-Cookie: httponly=myvalue ; domain=; path=/p4/; httponly
Set-Cookie: httponly=myvalue2 ; domain=; path=/p4/; httponly=

Rob Ward

List admin:
Received on 2011-07-04