[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Wget expected behaviour on cookie mismatch

From: Darshit Shah
Subject: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Date: Wed, 13 Feb 2013 00:46:20 +0530

Hi Tim,
Thanks for your answer. I spent my day going through RFC 6265. And I'd like
to clarify some things.

>From what I read and understood, if the header does not domain-match, wget
should ignore the cookie. AFAIK, wget does successfully ignore that cookie
currently. However, I cannot understand the output of wget:
"Cookie coming from localhost attempted to set domain to localhost"
That is cookie->domain and host were a match and yet it failed the
check_domain_match(cookie->domain, host)  call.
Is this a bug? I'll attempt getting and reading a stacktrace for the same
to get more information.

The sixth test in Test-cookies.px, is it meant to fail? My Perl is
terrible, and I've been trying to improve it. Does it mean that the
expected header for that cookie should NOT include "foo=bar"?

On Tue, Feb 12, 2013 at 1:13 PM, Tim Ruehsen <address@hidden> wrote:

> Am Monday 11 February 2013 schrieb Darshit Shah:
> > One of the 70 tests written for wget fails. The error message is:
> > > *** Mismatch on !Cookie:  =~ (?^:foo=bar)
> > > 400 Mismatch on expected headers
> > > 2013-02-12 03:05:48 ERROR 400: Mismatch on expected headers.
> >
> > Now, I was wondering, in the ideal case, what is wget expected to do in
> > such a case? Should wget ignore the cookie like it does in testcase 5
> for a
> > mismatched domain?
> >
> > Any help/advice on this front would be greatly appreciated.
> >
> > File in question is: Test-cookies.px
> I sent the patch 9.11.2012, when I realized wget fails to handle
> non-matching
> cookies. The bug has still to be fixed in wget - the test correctly fails.
> Here is a cite from my email:
> "Also included is a test for testing the ignorance of a non-matching
> domain in
> the Set-Cookie header. (wget fails, but shouldn't due to RFC 6265 5.3.6).
> wget just replaces that foreign domain with the domain from the
> request-uri."
> I already created correctly working library routines for cookie handling
> incl.
> Mozilla Public Suffix handling. It is not decided yet, if this library ever
> links to a future wget. And it is still not released and needs more work
> (any
> help appreciated !). If interested: it is still in
> https://github.com/rockdaboot/mget, but will move into it's own project
> soon.
> Fixing the issue in wget1.x would be a nice move, though.
> Regards,
>      Tim Rühsen

Thanking You,
Darshit Shah
Research Lead, Code Innovation
Kill Code Phobia.
B.E.(Hons.) Mechanical Engineering, '14. BITS-Pilani.
Website: http://tedxbitshyderabad.com
Facebook Page: https://www.facebook.com/TedxBitsHyderabad

reply via email to

[Prev in Thread] Current Thread [Next in Thread]