That's no problem. Just mentioning it, so the thread stays alive and we don't entirely forget about it.
On 3 February 2016 at 09:11, Kushagra Singh <singh.kushagra.1...@gmail.com> wrote: > I'm out of town right now, I'll be able to get back to it in a couple of > days. Sorry for the delay! > > Regards, > Kushagra > > > On Wed, 3 Feb 2016 13:39 Darshit Shah <dar...@gmail.com> wrote: >> >> That's fine. The patch was good. >> >> Now waiting on Kushagra's tests and his copyright assignment to go through >> >> On 1 February 2016 at 21:13, Tim Rühsen <tim.rueh...@gmx.de> wrote: >> > Ups, just pushed your patch accidentially (thanks anyway). >> > I wanted to wait for Darshit to confirm it... >> > >> > Regards, Tim >> > >> > Am Sonntag, 31. Januar 2016, 17:40:12 schrieb Ander Juaristi: >> >> The test looks good to me, but I think I've spotted a bug _in the test >> >> engine_ where the 'RejectHeader' rule doesn't get enforced. >> >> >> >> You can strip the 'secure' parameter from this testcase and still it >> >> will >> >> pass. I've written a patch to fix this. >> >> >> >> I.e. this: >> >> >> >> ---request begin--- >> >> GET /File2 HTTP/1.1 >> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu) >> >> Accept: */* >> >> Accept-Encoding: identity >> >> Host: 127.0.0.1:44832 >> >> Connection: Keep-Alive >> >> Cookie: sess-id=0213 >> >> >> >> ---request end--- >> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 >> >> 17:33:20] >> >> "GET /File2 HTTP/1.1" 200 - >> >> >> >> ---response begin--- >> >> HTTP/1.1 200 OK >> >> Server: BaseHTTP/0.6 Python/3.4.3+ >> >> Date: Sun, 31 Jan 2016 16:33:20 GMT >> >> content-length: 29 >> >> content-type: text/plain >> >> >> >> versus this: >> >> >> >> ---request begin--- >> >> GET /File2 HTTP/1.1 >> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu) >> >> Accept: */* >> >> Accept-Encoding: identity >> >> Host: 127.0.0.1:37251 >> >> Connection: Keep-Alive >> >> Cookie: sess-id=0213 >> >> >> >> ---request end--- >> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 >> >> 17:34:18] >> >> code 400, message Blacklisted Header Cookie received 127.0.0.1 - - >> >> [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 - >> >> >> >> ---response begin--- >> >> HTTP/1.1 400 Blacklisted Header Cookie received >> >> Server: BaseHTTP/0.6 Python/3.4.3+ >> >> Date: Sun, 31 Jan 2016 16:34:18 GMT >> >> Content-Type: text/html;charset=utf-8 >> >> Connection: close >> >> Content-Length: 483 >> >> >> >> ---response end--- >> >> 400 Blacklisted Header Cookie received >> >> Header Cookie received >> >> URI content encoding = ‘utf-8’ >> >> Disabling further reuse of socket 3. >> >> Closed fd 3 >> >> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received. >> >> >> >> On 01/30/2016 09:31 PM, Kushagra Singh wrote: >> >> > Hi, >> >> > >> >> > I'm a bit stuck while writing tests. How do I test the fact that a >> >> > secure >> >> > only cookie does not get saved over an insecure connection? Even if >> >> > the >> >> > cookie gets saved, it will not be transmitted over an insecure >> >> > connection >> >> > (cookie_matches_url() ensures that). So even though I can see in the >> >> > log >> >> > that the cookie is not saved, I can't figure out how exactly to test >> >> > that >> >> > in the test suite, since I cannot check using RejectHeader. Please >> >> > find >> >> > attached the test I have written. >> >> > >> >> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS >> >> > classes from " misc.constants", which is wrong. It should be imported >> >> > from >> >> > test.base_test right? >> >> > >> >> > Regards, >> >> > Kushagra >> >> >> >> Regards, >> >> - AJ >> > >> > >> >> >> >> -- >> Thanking You, >> Darshit Shah >> > -- Thanking You, Darshit Shah