[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24757: 25.1.50; url-cookie.el creates phantom cookie for HttpOnly
From: |
Katsumi Yamaoka |
Subject: |
bug#24757: 25.1.50; url-cookie.el creates phantom cookie for HttpOnly |
Date: |
Thu, 07 Dec 2017 07:47:26 +0900 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.0.90 (i686-pc-cygwin) |
On Wed, 06 Dec 2017 06:46:00 -0500, Noam Postavsky wrote:
[...]
> In emacs-26, as of [1: caa39f495c], the second cookie is not present,
> but it looks like it unconditionally drops the HttpOnly attribute (and
> all other attributes?). Is that the right thing?
Yes, I believe so. Not only HttpOnly but also Expires, Max-Age,
etc. are only attributes of the cookie of which the name appeared
at the beginning of the Set-Cookie header. Sending such ones to
certain web sites would cause an error as I mentioned below.
> [1: caa39f495c]: 2017-11-13 23:56:26 +0000
> Fix cookie handling (bug#29282)
>
> https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=caa39f495c0783dac2d5701100db83ea10f126c0