Hi, I am a second-year student studying CSE at IIIT Delhi. I was working on implementing [1], suggested by Darnir, so as to get a good understanding of the wget source code.
The draft updates Section 5.3, Step 8 of RFC 6265, regarding the secure parameter in the set cookie header. The draft suggests that we should abort and not create a new cookie in case the attribute value is "secure", and no secure protocol is present (no SSL).

Presently, in the function "parse_set_cookie", cookie->secure is set to 1, ignoring the value in the "secure" attribute of the cookie-attribute-list (line 443, cookies.c). Shouldn't the value of cookie->secure be set according to the attribute value sent in the attribute-list? Since the secure flag is always set, point 2 in the draft also becomes irrelevant, since it suggests changes when the secure flag is not set. I guess we should change the code so that it sets the cookie->secure flag only in case the attribute-list says so. Or has this been done because of some other reason?

I am also not sure how I can contribute code to wget. In the past I have used GitHub, where I could fork, add code and send pull requests. I am a bit unfamiliar with the way it is done for wget. I'll be grateful if someone could help me out with this.

[1]: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone-04

Kushagra
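The check discussed in the message above, written as an added example: it is not wget's code and not part of the original message. The names `cookie_verdict`, `has_secure_attr` and `check_set_cookie` are hypothetical, and the header value in `main` is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical result codes; these are not wget identifiers. */
enum cookie_verdict { COOKIE_ACCEPT, COOKIE_ACCEPT_SECURE, COOKIE_REJECT };

/* True if the attribute list of a Set-Cookie value carries a "Secure"
   attribute. Attribute names are case-insensitive, and anything after
   an '=' is ignored: Secure is a flag (RFC 6265, section 5.2.5). */
static bool has_secure_attr(const char *set_cookie)
{
    const char *p = strchr(set_cookie, ';');      /* skip the name=value pair */
    while (p) {
        p++;                                      /* step past ';' */
        while (*p == ' ' || *p == '\t') p++;      /* leading whitespace */
        size_t len = strcspn(p, ";=");            /* attribute name length */
        while (len > 0 && (p[len - 1] == ' ' || p[len - 1] == '\t')) len--;
        if (len == 6 && strncasecmp(p, "secure", 6) == 0)
            return true;
        p = strchr(p, ';');                       /* next attribute, if any */
    }
    return false;
}

/* A cookie carrying Secure is dropped when the response did not arrive
   over a secure scheme; otherwise the secure flag mirrors the presence
   of the attribute instead of being set unconditionally. */
enum cookie_verdict check_set_cookie(const char *set_cookie, bool scheme_is_secure)
{
    bool secure = has_secure_attr(set_cookie);
    if (secure && !scheme_is_secure)
        return COOKIE_REJECT;
    return secure ? COOKIE_ACCEPT_SECURE : COOKIE_ACCEPT;
}

int main(void)
{
    /* Constructed sample header value. */
    const char *h = "sid=abc; Path=/; Secure";
    printf("http: %d, https: %d\n", check_set_cookie(h, false), check_set_cookie(h, true));
    return 0;
}
```

The parser looks only at attribute names after the first `;`, so a cookie value or path that merely contains the word "secure" does not trip the check.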
