mirror of
https://github.com/moparisthebest/curl
synced 2024-11-13 21:15:08 -05:00
7f7fcd0d75
RFC 6265 section 4.1.1 spells out that the first name/value pair in the header is the actual cookie name and content, while the following are the parameters. libcurl previously had a more liberal approach which causes significant problems when introducing new cookie parameters, like the suggested new cookie priority draft. The previous logic read all n/v pairs from left-to-right and the first name used that wassn't a known parameter name would be used as the cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be a cookie named 'person' while an RFC 6265 compliant parser should consider that to be a cookie named 'Max-Age' with an (unknown) parameter 'person'. Fixes #709
57 lines
809 B
Plaintext
57 lines
809 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP GET
|
|
cookies
|
|
</keywords>
|
|
</info>
|
|
# Server-side
|
|
<reply>
|
|
<data>
|
|
HTTP/1.1 200 Mooo swsclose
|
|
Connection: close
|
|
Set-Cookie: thewinneris=nowayyouwin; path=/;
|
|
Content-Length: 8
|
|
|
|
*flopp*
|
|
</data>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
Get same cookie page several times
|
|
</name>
|
|
<command>
|
|
"http://%HOSTIP:%HTTPPORT/want/{27,27,27}" -b none
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<strip>
|
|
^User-Agent: curl.*
|
|
</strip>
|
|
<protocol>
|
|
GET /want/27 HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Accept: */*
|
|
|
|
GET /want/27 HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Accept: */*
|
|
Cookie: thewinneris=nowayyouwin
|
|
|
|
GET /want/27 HTTP/1.1
|
|
Host: %HOSTIP:%HTTPPORT
|
|
Accept: */*
|
|
Cookie: thewinneris=nowayyouwin
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|