moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

docs: cookies from HTTP headers need domain set 

... or the cookies won't get sent. Push users to using the "Netscape"
format instead, which curl uses when saving a cookie "jar".

Reported-by: Martin Dorey
Reviewed-by: Daniel Gustafsson
Fixes #6723
Closes #7077
This commit is contained in:
Daniel Stenberg 2021-05-16 23:38:35 +02:00
parent e38a826572
commit 5dfa4c08bb
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
2 changed files with 8 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/cmdline-opts/cookie.d
View File

@ -22,14 +22,10 @@ The file format of the file to read cookies from should be plain HTTP headers
The file specified with --cookie is only used as input. No cookies will be The file specified with --cookie is only used as input. No cookies will be
written to the file. To store cookies, use the --cookie-jar option. written to the file. To store cookies, use the --cookie-jar option.
Exercise caution if you are using this option and multiple transfers may If you use the Set-Cookie file format and don't specify a domain then the
occur. If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie cookie is not sent since the domain will never match. To address this, set a
format and don't specify a domain, then the cookie is sent for any domain domain in Set-Cookie line (doing that will include sub-domains) or preferably:
(even after redirects are followed) and cannot be modified by a server-set use the Netscape format.
cookie. If the cookie engine is enabled and a server sets a cookie of the same
name then both will be sent on a future transfer to that server, likely not
what you intended. To address these issues set a domain in Set-Cookie (doing
that will include sub domains) or use the Netscape format.
This option can be used multiple times. This option can be used multiple times.

11
docs/libcurl/opts/CURLOPT_COOKIEFILE.3
View File

@ -44,13 +44,10 @@ libcurl will instead read from stdin.
This option only \fBreads\fP cookies. To make libcurl write cookies to file, This option only \fBreads\fP cookies. To make libcurl write cookies to file,
see \fICURLOPT_COOKIEJAR(3)\fP. see \fICURLOPT_COOKIEJAR(3)\fP.
Exercise caution if you are using this option and multiple transfers may occur. If you use the Set-Cookie file format and don't specify a domain then the
If you use the Set-Cookie format and don't specify a domain then the cookie is cookie is not sent since the domain will never match. To address this, set a
sent for any domain (even after redirects are followed) and cannot be modified domain in Set-Cookie line (doing that will include sub-domains) or preferably:
by a server-set cookie. If a server sets a cookie of the same name then both use the Netscape format.
will be sent on a future transfer to that server, likely not what you intended.
To address these issues set a domain in Set-Cookie (doing that will include
sub-domains) or use the Netscape format.
If you use this option multiple times, you just add more files to read. If you use this option multiple times, you just add more files to read.
Subsequent files will add more cookies. Subsequent files will add more cookies.