Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
max cookie age capped to 400 days
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 18 Dec 2023 11:27:47 +0100 (CET)
Hello,
In the draft document for the pending cookie RFC update [1], there is language
that says user-agents should limit the maximum expiry time for cookies to no
more than 400 days.
I have a PR [2] that implements this. The only problem is that in order to get
a stable test output, this needs to set the time to a fixed value. In order to
set the time for a test, it can only do this in debug builds.
Thus, this change converts four cookie tests (31, 46, 61 and 1415) to become
debug-build-only tests, which then of course limits cookie testing for those
*not* doing debug builds.
I don't like this, but I also can't think of a way to do this test nicely
without leaning on debug-only features. Unless perhaps we add some math
knowledge to the test runner, but it seems fragile as well.
Anyone with a better idea or thoughts on this topic?
[1] = https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-13
[2] = https://github.com/curl/curl/pull/12333
Date: Mon, 18 Dec 2023 11:27:47 +0100 (CET)
Hello,
In the draft document for the pending cookie RFC update [1], there is language
that says user-agents should limit the maximum expiry time for cookies to no
more than 400 days.
I have a PR [2] that implements this. The only problem is that in order to get
a stable test output, this needs to set the time to a fixed value. In order to
set the time for a test, it can only do this in debug builds.
Thus, this change converts four cookie tests (31, 46, 61 and 1415) to become
debug-build-only tests, which then of course limits cookie testing for those
*not* doing debug builds.
I don't like this, but I also can't think of a way to do this test nicely
without leaning on debug-only features. Unless perhaps we add some math
knowledge to the test runner, but it seems fragile as well.
Anyone with a better idea or thoughts on this topic?
[1] = https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-13
[2] = https://github.com/curl/curl/pull/12333
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-12-18