On 23 January 2016 at 23:36, Kushagra Singh <[email protected]> wrote: > Thanks a lot for the help! > > I've made some progress, but have a couple of more questions > > - I can't manage to find the http-only-flag in the cookie struct, do we not > store this? Since Wget supports only HTTP, this is not required. The HttpOnly attribute prevents access to script code, but since Wget never executes them it is not necessary at all. Although, it may be a good idea to explicitly store the flag for Wget saves the cookies to a file. Maybe, we should add this.
> - The draft asks to check whether the "scheme" component of the > "request-uri" denotes a secure protocol or not. Currently I am checking > using "#ifdef HAVE_SSL". I am not sure whether this is the right way to do > so, since having SSL with wget does not necessarily mean that the current > connection is secure. Ideally, a code base should have as few #ifdef statements as possible. They make reading the code very difficult for a human. That said, in this scenario it is the absolute wrong technique. You will want to access the scheme from the request URI. Find a way to access this information, you may need to change some method prototypes to make this happen. > - To check whether there exists a cookie whose domain, domain-matches the > domain of a new cookie, we should iterate through the chains returned by > find_chains_of_host right? That ought to work, I think. > > Regards, > Kush -- Thanking You, Darshit Shah
