
Re: [Bug-wget] Wget expected behaviour on cookie mismatch

From: Darshit Shah
Subject: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Date: Wed, 13 Feb 2013 15:07:15 +0530

But RFC 6265 5.3.6 also states:

>  If the canonicalized request-host does not domain-match the
>  domain-attribute:
>     Ignore the cookie entirely and abort these steps.
>  Otherwise:
>     Set the cookie's host-only-flag to false.
>     Set the cookie's domain to the domain-attribute.

Since wget does indeed set the cookie's domain as the domain attribute
when it fails a domain-match, I don't think we should count it as a bug.
This also obsoletes Test #6 since now we do not need to test for that
erroneous cookie. Am I correct?

On Wed, Feb 13, 2013 at 2:49 PM, Tim Ruehsen <address@hidden> wrote:

> Hi Darshit,
>
> > From what I read and understood, if the header does not domain-match,
> > wget should ignore the cookie. AFAIK, wget does successfully ignore that
> > cookie currently.
>
> Yes, that is a current bug of wget.
>
> > However, I cannot understand the output of wget:
> > "Cookie coming from localhost attempted to set domain to localhost"
> > That is cookie->domain and host were a match and yet it failed the
> > check_domain_match(cookie->domain, host)  call.
> > Is this a bug? I'll attempt getting and reading a stacktrace for the same
> > to get more information.
>
> Ángel already made it clear.
>
> > The sixth test in Test-cookies.px, is it meant to fail? My Perl is
> > terrible, and I've been trying to improve it. Does it mean that the
> > expected header for that cookie should NOT include "foo=bar"?
>
> Request #5 makes the server respond with a Cookie that does not match the
> request domain. This simulates a misbehaving server. Wget should ignore
> that cookie, which is tested in Request #6. "!Cookie" => qr|foo=bar|" means
> 'the Wget request must not contain a Cookie header containing foo=bar' (the
> server side checks that).
>
> Regards,
>       Tim Rühsen

Thanking You,
Darshit Shah
Research Lead, Code Innovation
Kill Code Phobia.
B.E.(Hons.) Mechanical Engineering, '14. BITS-Pilani.
Website: http://tedxbitshyderabad.com
Facebook Page: https://www.facebook.com/TedxBitsHyderabad
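
The RFC 6265 rules discussed in this thread (the section 5.1.3 domain-match and the section 5.3 step 6 decision quoted above), as an added C example that is not part of the original mail and is not wget's code. The function names, the struct and the sample hosts are constructed for illustration, and the public-suffix check of step 5 is left out.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Crude IP-literal test: IPv6 contains ':'; IPv4 is only digits and dots. */
static bool looks_like_ip(const char *s)
{
    if (strchr(s, ':')) return true;
    for (; *s; s++)
        if (!isdigit((unsigned char)*s) && *s != '.') return false;
    return true;
}

/* RFC 6265 section 5.1.3: does `host` domain-match `domain`? */
bool domain_match(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    if (strcasecmp(host, domain) == 0) return true;      /* identical */
    if (dl == 0 || dl >= hl) return false;
    if (strcasecmp(host + (hl - dl), domain) != 0) return false; /* suffix */
    if (host[hl - dl - 1] != '.') return false;          /* label boundary */
    return !looks_like_ip(host);                         /* host names only */
}

struct stored_cookie { const char *domain; bool host_only; };

/* RFC 6265 section 5.3 step 6. Returns false when the cookie is ignored. */
bool accept_cookie(const char *request_host, const char *domain_attr,
                   struct stored_cookie *out)
{
    if (domain_attr && *domain_attr == '.') domain_attr++; /* 5.2.3: drop leading dot */
    if (domain_attr && *domain_attr) {
        if (!domain_match(request_host, domain_attr)) return false;
        out->domain = domain_attr;       /* cookie is shared with subdomains */
        out->host_only = false;
    } else {
        out->domain = request_host;      /* no Domain attribute: exact host only */
        out->host_only = true;
    }
    return true;
}

int main(void)
{
    struct stored_cookie c;              /* hosts below are constructed samples */
    printf("%d\n", accept_cookie("www.example.com", "example.com", &c)); /* stored */
    printf("%d\n", accept_cookie("www.example.com", "other.test", &c));  /* ignored */
    return 0;
}
```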
