1
0
mirror of https://github.com/moparisthebest/curl synced 2025-01-11 22:18:00 -05:00
curl/tests/data/test8
YAMADA Yasuharu 04f52e9b4d cookies: only consider full path matches
I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
  the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.

The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html

The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-18 22:54:48 +02:00

67 lines
1.4 KiB
Plaintext

<testcase>
<info>
<keywords>
HTTP
HTTP GET
cookies
</keywords>
</info>
# Server-side
<reply>
<data>
HTTP/1.1 200 OK swsclose
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
</data>
</reply>
# Client-side
<client>
<server>
http
</server>
<name>
HTTP with cookie parsing from header file
</name>
<command>
http://%HOSTIP:%HTTPPORT/we/want/8 -b log/heads8.txt
</command>
# We create this file before the command is invoked!
<file name="log/heads8.txt">
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Content-Type: text/html
Funny-head: yesyes
Set-Cookie: foobar=name; domain=%HOSTIP; path=/;
Set-Cookie: mismatch=this; domain=%HOSTIP; path="/silly/";
Set-Cookie: partmatch=present; domain=.0.0.1; path=/w;
Set-Cookie: duplicate=test; domain=.0.0.1; domain=.0.0.1; path=/donkey;
Set-Cookie: cookie=yes; path=/we;
Set-Cookie: cookie=perhaps; path=/we/want;
Set-Cookie: nocookie=yes; path=/WE;
Set-Cookie: blexp=yesyes; domain=.0.0.1; domain=.0.0.1; expiry=totally bad;
</file>
<precheck>
perl -e 'if ("%HOSTIP" !~ /\.0\.0\.1$/) {print "Test only works for HOSTIPs ending with .0.0.1"; exit(1)}'
</precheck>
</client>
# Verify data after the test has been "shot"
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /we/want/8 HTTP/1.1
Host: %HOSTIP:%HTTPPORT
Accept: */*
Cookie: cookie=perhaps; cookie=yes; foobar=name; blexp=yesyes
</protocol>
</verify>
</testcase>