moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-08-13 17:03:50 -04:00
Code Issues Releases Wiki Activity
25,760 Commits 10 Branches 144 Tags 113 MiB
600a8cded4
Commit Graph

3 Commits

Author SHA1 Message Date
Daniel Gustafsson
7a09b52c98 cookies: leave secure cookies alone 
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
 2018-12-13 09:57:58 +01:00
Marcel Raad
387e85efd0
cookie tests: treat files as text 
Fixes test failures because of wrong line endings on Windows.
 2018-08-23 13:11:20 +02:00
Patrick Monnerat
1b55d270ad cookies: do not take cookie name as a parameter 
RFC 6265 section 4.2.1 does not set restrictions on cookie names.
This is a follow-up to commit 7f7fcd0.
Also explicitly check proper syntax of cookie name/value pair.

New test 1155 checks that cookie names are not reserved words.

Reported-By: anshnd at github
Fixes #2564
Closes #2566
 2018-05-13 01:23:10 +02:00