Am Wednesday 13 February 2013 schrieb Darshit Shah: > But RFC 6265 5.3.6 also states: > > If the canonicalized request-host does not domain-match the > > > > domain-attribute: > > Ignore the cookie entirely and abort these steps. > > > > Otherwise: > > Set the cookie's host-only-flag to false. > > > > Set the cookie's domain to the domain-attribute. > > > > Since wget does indeed set the cookie's domain as the domain attribute > > when it fails a domain-match, I don't think we should count it as a bug. > This also obsoletes Test #6 since now we do not need to test for that > erroneous cookie. Am I correct?
No, you are not. Test #5 and #6 check if Wget behaves correctly in the case that "the canonicalized request-host does not domain-match the domain-attribute". Wget must ignore the cookie from test #5. But the test #6 shows, that Wget does not ignore the cookie. That is a current bug within Wget cookie handling and should be fixed. > > On Wed, Feb 13, 2013 at 2:49 PM, Tim Ruehsen <[email protected]> wrote: > > Hi Darshit, > > > > > From what I read and understood, if the header does not domain-match, > > > > wget > > > > > should ignore the cookie. AFAIK, wget does successfully ignore that > > > > cookie > > > > > currently. > > > > Yes, that is a current bug of wget. > > > > > However, I cannot understand the output of wget: > > > "Cookie coming from localhost attempted to set domain to localhost" > > > That is cookie->domain and host were a match and yet it failed the > > > check_domain_match(cookie->domain, host) call. > > > Is this a bug? I'll attempt getting and reading a stacktrace for the > > > same to get more information. > > > > Ángel already made it clear. > > > > > The sixth test in Test-cookies.px, is it meant to fail? My Perl is > > > terrible, and I've been trying to improve it. Does it mean that the > > > expected header for that cookie should NOT include "foo=bar"? > > > > Request #5 makes the server respond with a Cookie that does not match the > > request domain. This simulates a misbehaving server. Wget should ignore > > that > > cookie, which is tested in Request #6. "!Cookie" => qr|foo=bar|" means > > 'the Wget request must not contain a Cookie header containing foo=bar' > > (the server > > side checks that). > > > > Regards, > > > > Tim Rühsen
