cURL / Mailing Lists / curl-library / Single Mail

curl-library

Cookie Secure flag

From: Pierre Brico <pierre.brico_at_gmail.com>
Date: Wed, 17 Feb 2016 23:19:43 +0100

Hello,

I've a question about the usage of libcurl with Secure Flag on Cookie.

I'm writing a injector tool to perform benchmark on web application. This
tool is based on libcurl and libevent.

The web application isn't exposed directly to the web but uses a F5 ASM for
security purposes. This F5 appliance takes the HTTPS flow, process it from
a security point of view and then forward it as HTTP to the web server.

USER <=> INTERNET <=> F5 <=> APPLICATION
         HTTPS HTTPS HTTP

For my injection tool, I would like to avoid using the F5 and connect
directly to the application server. But the application is sending Cookie
with Secure flag enabled (which is working with the F5 but not using direct
connection HTTP).

So my question is: is it possible to tell libcurl to ignore the Secure Flag
and process the Cookie as a "normal" cookie ?

Thanks,
Pierre

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-02-17