cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Bug 3349227

From: Rob Ward <rob_at_rob-ward.co.uk>
Date: Mon, 4 Jul 2011 21:37:35 +0100

On 4 July 2011 21:11, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Sun, 3 Jul 2011, Rob Ward wrote:
>
> I've recently started learning the internals of how Curl works and in
>> doing so decided to have a go at fixing a bug(3349227) where curl does not
>> understand the secure= attribute in cookies. I have attached a set of
>> proposed patches that include the fix and an update to test 31 that verifies
>> the fix. This implementation is based on my limited understanding of how the
>> cookies code(and the internals of curl) works so I would suggest it be
>> checked in case I have missed a simpler solution.
>>
>
> Hi Rob, thanks for your contribution and desire to help!
>
> Since the cookie RFC allows 'secure=' instead of 'secure', it also allows
> 'httponly=' instead of 'httponly' so I think we should adapt for that
> version too while we're at it, and add that to the test case. Oh, and
> perhaps we should also add a test case or two for when the cookie name is
> actually 'secure' or 'httponly' as in 'secure=yes' since then it isn't the
> same as when 'secure='.
>
> --
>
> / daniel.haxx.se
> ------------------------------**------------------------------**-------
> List admin: http://cool.haxx.se/list/**listinfo/curl-library<http://cool.haxx.se/list/listinfo/curl-library>
> Etiquette: http://curl.haxx.se/mail/**etiquette.html<http://curl.haxx.se/mail/etiquette.html>
>

That's fine, I can look at making them changes over the next few days. I've
listed the proposed test cases below based off of the tests I already have
and the ones you have proposed, do they look sensible? Can anyone think of
any other tests that could/should be added?

Rob Ward

Set-Cookie: sec1value=secure1 ; domain=127.0.0.1; path=/secure1/ ; secure
Set-Cookie: sec2value=secure2 ; domain=127.0.0.1; path=/secure2/ ; secure=
Set-Cookie: sec3value=secure3 ; domain=127.0.0.1; path=/secure/ ; secure=
Set-Cookie: sec4value=secure4 ; secure=; domain=127.0.0.1; path=/secure2/;
Set-Cookie: secure=very1 ; secure=; domain=127.0.0.1; path=/secure2/;
Set-Cookie: secure=very2 ; secure; domain=127.0.0.1; path=/secure2/;
Set-Cookie: secure=very3 ; domain=127.0.0.1; path=/secure2/; secure
Set-Cookie: secure=very4 ; domain=127.0.0.1; path=/secure2/; secure=

Set-Cookie: name1=value1 ; domain=127.0.0.1; path=/p1/; httponly
Set-Cookie: name2=value2 ; domain=127.0.0.1; path=/p2/; httponly=
Set-Cookie: name3=value3 ; httponly; domain=127.0.0.1; path=/p3/;
Set-Cookie: name4=value4 ; httponly=; domain=127.0.0.1; path=/p4/;
Set-Cookie: httponly=myvalue ; domain=127.0.0.1; path=/p4/; httponly
Set-Cookie: httponly=myvalue2 ; domain=127.0.0.1; path=/p4/; httponly=

-- 
------------------------------
Rob Ward
www.rob-ward.co.uk

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-07-04