moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-03-11 07:39:50 -04:00
Code Issues Releases Wiki Activity

Jan Sundin reported a case where curl ignored a cookie that browsers don't,

Browse Source 
which turned up to be due to the number of dots in the 'domain'. I've now
  made curl follow the the original netscape cookie spec less strict on that
  part.
This commit is contained in:
Daniel Stenberg 2003-08-04 23:05:57 +00:00
parent fdda786fa2
commit 98ee12bc35
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/cookie.c
View File

@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c,
break;
}
}
if(dotcount < 3) {
/* The original Netscape cookie spec defined that this domain name
MUST have three dots (or two if one of the seven holy TLDs),
but it seems that these kinds of cookies are in use "out there"
so we cannot be that strict. I've therefore lowered the check
to not allow less than two dots. */
if(dotcount < 2) {
/* Received and skipped a cookie with a domain using too few
dots. */
badcookie=TRUE; /* mark this as a bad cookie */