1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 22:15:13 -05:00
Commit Graph

24 Commits

Author SHA1 Message Date
Daniel Stenberg
a5d994941c http: always send Host: header as first header
...after the method line:

 "Since the Host field-value is critical information for handling a
 request, a user agent SHOULD generate Host as the first header field
 following the request-line." / RFC 7230 section 5.4

Additionally, this will also make libcurl ignore multiple specified
custom Host: headers and only use the first one. Test 1121 has been
updated accordingly

Bug: http://curl.haxx.se/bug/view.cgi?id=1491
Reported-by: Rainer Canavan
2015-03-12 12:15:24 +01:00
Daniel Stenberg
a76825a5ef cookies: reject incoming cookies set for TLDs
Test 61 was modified to verify this.

CVE-2014-3620

Reported-by: Tim Ruehsen
URL: http://curl.haxx.se/docs/adv_20140910B.html
2014-09-10 07:32:36 +02:00
Daniel Stenberg
c75ece4442 cookies: change the URL in the cookie jar file header 2012-07-03 11:27:45 +02:00
Daniel Stenberg
49465fffdb cookies: tricked dotcounter fixed
Providing multiple dots in a series in the domain field (domain=..com) could
trick the cookie engine to wrongly accept the cookie believing it to be
fine. Since the tailmatching would then match all .com sites, the cookie would
then be sent to all of them.

The code now requires at least one letter between each dot for them to be
counted. Edited test case 61 to verify this.
2010-12-23 22:52:32 +01:00
Daniel Stenberg
c0b5d378dc made the cookie tests 61 and 62 test httponly cookies, both receiving in
headers and reading from cookie-jar
2009-05-10 18:02:37 +00:00
Dan Fandrich
9391d980c3 Tweaked a few tests to test proper Turkish locale handling 2008-10-23 01:53:27 +00:00
Daniel Stenberg
e138ae5ec9 - I'm abandoning the system with the web site mirrors (but keeping download
files bing mirrored) and thus I've changed the URL in the cookiejar header
  to no longer use curlm.haxx.se but instead use the main site curl.haxx.se
2008-08-28 11:35:54 +00:00
Dan Fandrich
19631f5d5f Force the time zone to GMT in the cookie tests in case the user is
using one of the so-called 'right' time zones that take into account
leap seconds, which causes the tests to fail (as reported by
Daniel Black in bug report #1745964).
2007-07-10 22:27:16 +00:00
Yang Tse
9b6474378a Year 2038 has its own problems (32 bit integer overflow).
So cookie expiration date is lowered to expire at most in 2035.
2007-02-05 02:38:25 +00:00
Yang Tse
401598c2fe more fixes for the testsuite cookie expiration issue 2007-02-02 01:05:50 +00:00
Yang Tse
d60848d04b cookie expiration time got us with pants at our knees.
Next time in 2038 :-)
2007-02-02 00:10:40 +00:00
Dan Fandrich
33bea767eb Convert (most of) the test data files into genuine XML. A handful still
are not, due mainly to the lack of support for XML character entities
(e.g. & => & ).  This will make it easier to validate test files using
tools like xmllint, as well as edit and view them using XML tools.
2007-01-23 02:25:56 +00:00
Daniel Stenberg
68e9f75708 As reported in bug: #1566077 the former URL mentioned in the generated cookie
jar has died and we now instead point out our own version of that
2006-09-27 21:00:45 +00:00
Daniel Stenberg
6a63c51f7c Andres Garcia's mode=text patch to make these do fine on Windows 2005-05-24 10:03:13 +00:00
Daniel Stenberg
5d9fc28fa7 Modified the default HTTP headers used by libcurl:
A) Normal non-proxy HTTP:

 - no more "Pragma: no-cache" (this only makes sense to proxies)

B) Non-CONNECT HTTP request over proxy:

 - "Pragma: no-cache" is used (like before)
 - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies)

C) CONNECT HTTP request over proxy:

 - "Host: [name]:[port]"
 - "Proxy-Connection: Keep-alive"
2005-05-11 09:52:59 +00:00
Daniel Stenberg
4485503ecc keywords added 2005-04-22 21:59:08 +00:00
Daniel Stenberg
ca52c963c7 1. cookie expire-strings MUST use GMT timezones
2. adjusted date strings to upcoming date parser rewrite
2004-09-11 19:12:37 +00:00
Daniel Stenberg
2b1673c9c8 Now the test servers and test cases can run on a custom port number. There's
no fixed port numbers in use anymore. Starting now, the default ports the
servers use are 8990 - 8993. There's no option to modify these yet, but
changing the $base option in the top of the runtests.pl script.
2004-09-08 08:08:38 +00:00
Daniel Stenberg
93e32e6f62 Modified the default HTTP Accept: header to only be Accept: */* 2004-02-09 12:46:41 +00:00
Daniel Stenberg
c50a601f1a modified to work fine with the new persistant connection working test suite
HTTP server
2003-07-19 23:57:08 +00:00
Daniel Stenberg
a290d4b9db fixed the format slightly 2003-05-02 09:11:53 +00:00
Daniel Stenberg
ee29dbdb8f Each test case now specifies which server(s) it needs, without relying on the
test number.
2003-04-30 20:25:39 +00:00
Daniel Stenberg
37d1e9351e ok, make the test run ok too 2003-04-30 19:56:53 +00:00
Daniel Stenberg
4494c0dee0 various new cookie tests with a custom Host: header set 2003-04-30 19:49:51 +00:00