I'm out of town right now, I'll be able to get back to it in a couple of days. Sorry for the delay!
Regards, Kushagra On Wed, 3 Feb 2016 13:39 Darshit Shah <[email protected]> wrote: > That's fine. The patch was good. > > Now waiting on Kushagra's tests and his copyright assignment to go through > > On 1 February 2016 at 21:13, Tim Rühsen <[email protected]> wrote: > > Ups, just pushed your patch accidentially (thanks anyway). > > I wanted to wait for Darshit to confirm it... > > > > Regards, Tim > > > > Am Sonntag, 31. Januar 2016, 17:40:12 schrieb Ander Juaristi: > >> The test looks good to me, but I think I've spotted a bug _in the test > >> engine_ where the 'RejectHeader' rule doesn't get enforced. > >> > >> You can strip the 'secure' parameter from this testcase and still it > will > >> pass. I've written a patch to fix this. > >> > >> I.e. this: > >> > >> ---request begin--- > >> GET /File2 HTTP/1.1 > >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu) > >> Accept: */* > >> Accept-Encoding: identity > >> Host: 127.0.0.1:44832 > >> Connection: Keep-Alive > >> Cookie: sess-id=0213 > >> > >> ---request end--- > >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 > 17:33:20] > >> "GET /File2 HTTP/1.1" 200 - > >> > >> ---response begin--- > >> HTTP/1.1 200 OK > >> Server: BaseHTTP/0.6 Python/3.4.3+ > >> Date: Sun, 31 Jan 2016 16:33:20 GMT > >> content-length: 29 > >> content-type: text/plain > >> > >> versus this: > >> > >> ---request begin--- > >> GET /File2 HTTP/1.1 > >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu) > >> Accept: */* > >> Accept-Encoding: identity > >> Host: 127.0.0.1:37251 > >> Connection: Keep-Alive > >> Cookie: sess-id=0213 > >> > >> ---request end--- > >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 > 17:34:18] > >> code 400, message Blacklisted Header Cookie received 127.0.0.1 - - > >> [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 - > >> > >> ---response begin--- > >> HTTP/1.1 400 Blacklisted Header Cookie received > >> Server: BaseHTTP/0.6 Python/3.4.3+ > >> Date: Sun, 31 Jan 2016 16:34:18 GMT > >> Content-Type: text/html;charset=utf-8 > >> Connection: close > >> Content-Length: 483 > >> > >> ---response end--- > >> 400 Blacklisted Header Cookie received > >> Header Cookie received > >> URI content encoding = ‘utf-8’ > >> Disabling further reuse of socket 3. > >> Closed fd 3 > >> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received. > >> > >> On 01/30/2016 09:31 PM, Kushagra Singh wrote: > >> > Hi, > >> > > >> > I'm a bit stuck while writing tests. How do I test the fact that a > secure > >> > only cookie does not get saved over an insecure connection? Even if > the > >> > cookie gets saved, it will not be transmitted over an insecure > connection > >> > (cookie_matches_url() ensures that). So even though I can see in the > log > >> > that the cookie is not saved, I can't figure out how exactly to test > that > >> > in the test suite, since I cannot check using RejectHeader. Please > find > >> > attached the test I have written. > >> > > >> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS > >> > classes from " misc.constants", which is wrong. It should be imported > from > >> > test.base_test right? > >> > > >> > Regards, > >> > Kushagra > >> > >> Regards, > >> - AJ > > > > > > > > -- > Thanking You, > Darshit Shah > >
