moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

docs: cookies from HTTP headers need domain set 

... or the cookies won't get sent. Push users to using the "Netscape"
format instead, which curl uses when saving a cookie "jar".

Reported-by: Martin Dorey
Reviewed-by: Daniel Gustafsson
Fixes #6723
Closes #7077
This commit is contained in:
Daniel Stenberg 2021-05-16 23:38:35 +02:00
parent e38a826572
commit 5dfa4c08bb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/cmdline-opts/cookie.d
View File

@ -22,14 +22,10 @@ The file format of the file to read cookies from should be plain HTTP headers
The file specified with --cookie is only used as input. No cookies will be
written to the file. To store cookies, use the --cookie-jar option.
Exercise caution if you are using this option and multiple transfers may
occur. If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie
format and don't specify a domain, then the cookie is sent for any domain
(even after redirects are followed) and cannot be modified by a server-set
cookie. If the cookie engine is enabled and a server sets a cookie of the same
name then both will be sent on a future transfer to that server, likely not
what you intended. To address these issues set a domain in Set-Cookie (doing
that will include sub domains) or use the Netscape format.
If you use the Set-Cookie file format and don't specify a domain then the
cookie is not sent since the domain will never match. To address this, set a
domain in Set-Cookie line (doing that will include sub-domains) or preferably:
use the Netscape format.
This option can be used multiple times.

11
docs/libcurl/opts/CURLOPT_COOKIEFILE.3
View File

@ -44,13 +44,10 @@ libcurl will instead read from stdin.
This option only \fBreads\fP cookies. To make libcurl write cookies to file,
see \fICURLOPT_COOKIEJAR(3)\fP.
Exercise caution if you are using this option and multiple transfers may occur.
If you use the Set-Cookie format and don't specify a domain then the cookie is
sent for any domain (even after redirects are followed) and cannot be modified
by a server-set cookie. If a server sets a cookie of the same name then both
will be sent on a future transfer to that server, likely not what you intended.
To address these issues set a domain in Set-Cookie (doing that will include
sub-domains) or use the Netscape format.
If you use the Set-Cookie file format and don't specify a domain then the
cookie is not sent since the domain will never match. To address this, set a
domain in Set-Cookie line (doing that will include sub-domains) or preferably:
use the Netscape format.
If you use this option multiple times, you just add more files to read.
Subsequent files will add more cookies.