Bug#385702: w3m rejects valid cookies based on false assumptions

2011-10-26 Thread Antoine Amarilli
w3m 0.5.3 includes an option to work around this problem for specific
domains (function check_avoid_wrong_number_of_dots_domain in cookie.c).
However, this is not a satisfactory solution, so the problem still
stands.

-- 
Antoine Amarilli




Bug#385702: w3m rejects valid cookies based on false assumptions

2006-09-02 Thread Nicolas George
Package: w3m
Version: 0.5.1-5

This cookie was rejected to prevent security violation. [wrong number of
dots]

W3m rejects cookies for domain.tld (versus subdomain.domain.tld) unless
tld is one of .com, .edu, .gov, .mil, .net, .org and .int. This is done on
the assumption that other TLDs follow the .jp domain.subtld.tld model:
.co.jp for commercial sites, .ac.jp for academic sites, and so on. The
reason to reject such cookies is to prevent malicious sites from putting
cookies on whole subdomains, which would be akin to putting cookies on the
whole .com or .org TLD.

But the assumption is wrong: a lot of country code TLDs do not follow this
policy (including .jp, nowadays), and the hardcoded list of generic TLDs in
w3m is incomplete. That makes browsing some sites very annoying, due to a
lot of rejected cookies (each pausing for some time, if cookies are
displayed), and sometimes impossible (if the site is badly written).

The code is in cookie.c, lines 302 to 313, where the special_domain variable
is used.

For the record, in Firefox, the corresponding feature seems to be in
toolkit/components/places/src/nsNavHistory.cpp (with a "This should be moved
somewhere else (like cookies)" comment), near the end, with a hardcoded list
of ccTLDs with subtld policy. The complete hardcoded list is .uk and .kr.

Therefore, the simplest would be to simply remove this test, and
unconditionally accept cookies for domain.tld.

Regards,

-- 
  Nicolas George


Irrelevant system information:
Debian Etch up to date
Linux she-seel 2.6.17.8-she-seel #1 PREEMPT Wed Aug 9 12:24:43 CEST 2006
x86_64 GNU/Linux

libc6        2.3.6.ds1-4
libgc1c2     6.7-2
libgpmg1     1.19.6-22
libncurses5  5.5-2
libssl0.9.8  0.9.8b-2
zlib1g       1.2.3-13


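The following is an added example, not code from w3m, Firefox or either poster: it reconstructs the dot-count rule as the report describes it and puts it beside a check against a table of registry suffixes, the kind of hardcoded list the report mentions for Firefox. The function names and both tables are constructed for illustration, and cookie domains are assumed to be lowercase with a leading dot.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample tables, not taken from w3m or Firefox. */
static const char *const GENERIC_TLDS[] =
    {"com", "edu", "gov", "mil", "net", "org", "int", NULL};
/* Suffixes directly under which names are registered (assumed, tiny subset). */
static const char *const REGISTRY_SUFFIXES[] =
    {"com", "org", "fr", "de", "jp", "co.jp", "uk", "co.uk", "kr", "co.kr", NULL};

static int in_list(const char *s, const char *const *list) {
    for (; *list; list++)
        if (strcmp(s, *list) == 0) return 1;
    return 0;
}

static int count_dots(const char *s) {
    int n = 0;
    for (; *s; s++) n += (*s == '.');
    return n;
}

/* Dot-count rule as described in the report: ".domain.tld" (two dots) is
 * accepted only under the hardcoded generic TLDs; any other TLD needs three. */
int accept_by_dot_count(const char *domain) {
    const char *tld = strrchr(domain, '.');
    if (domain[0] != '.' || tld == NULL || tld[1] == '\0') return 0;
    int need = in_list(tld + 1, GENERIC_TLDS) ? 2 : 3;
    return count_dots(domain) >= need;
}

/* Suffix-table rule: reject only when the cookie domain is itself a registry
 * suffix, i.e. when the cookie would be sent to unrelated registrants. */
int accept_by_suffix_table(const char *domain) {
    if (domain[0] != '.' || domain[1] == '\0') return 0;
    return !in_list(domain + 1, REGISTRY_SUFFIXES);
}

int main(void) {
    /* Constructed sample cookie domains. */
    const char *const samples[] = {".example.com", ".example.fr", ".example.jp",
                                   ".co.jp", ".co.uk", ".shop.example.co.uk", NULL};
    for (const char *const *d = samples; *d; d++)
        printf("%-22s dot-count=%d suffix-table=%d\n", *d,
               accept_by_dot_count(*d), accept_by_suffix_table(*d));
    return 0;
}
```

The two rules disagree on `.example.fr` and `.example.jp`, which the dot count rejects and the suffix table accepts; both reject `.co.jp` and `.co.uk`.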