On Sun, 3 Jul 2011, Rob Ward wrote:
I've recently started learning the internals of how Curl works and in doing
so decided to have a go at fixing a bug(3349227) where curl does not
understand the secure= attribute in cookies. I have attached a set of
proposed patches that include the fix and an update to test 31 that verifies
the fix. This implementation is based on my limited understanding of how the
cookies code(and the internals of curl) works so I would suggest it be
checked in case I have missed a simpler solution.
Hi Rob, thanks for your contribution and desire to help!
Since the cookie RFC allows 'secure=' instead of 'secure', it also allows
'httponly=' instead of 'httponly' so I think we should adapt for that version
too while we're at it, and add that to the test case. Oh, and perhaps we
should also add a test case or two for when the cookie name is actually
'secure' or 'httponly' as in 'secure=yes' since then it isn't the same as when
'secure='.
--
/ daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
