Re: [Bug-wget] Wget expected behaviour on cookie mismatch

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Wget expected behaviour on cookie mismatch

From:	Darshit Shah
Subject:	Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Date:	Wed, 13 Feb 2013 15:07:15 +0530

But RFC 6265 5.3.6 also states:

>  If the canonicalized request-host does not domain-match the
>            domain-attribute:
>
>               Ignore the cookie entirely and abort these steps.
>
>            Otherwise:
>
>               Set the cookie's host-only-flag to false.
>
>               Set the cookie's domain to the domain-attribute.
>
> Since wget does indeed set the cookie's domain as the domain attribute
when it fails a domain-match, I don't think we should count it as a bug.
This also obsoletes Test #6 since now we do not need to test for that
erroneous cookie. Am I correct?

On Wed, Feb 13, 2013 at 2:49 PM, Tim Ruehsen <address@hidden> wrote:

> Hi Darshit,
>
> > From what I read and understood, if the header does not domain-match,
> wget
> > should ignore the cookie. AFAIK, wget does successfully ignore that
> cookie
> > currently.
>
> Yes, that is a current bug of wget.
>
> > However, I cannot understand the output of wget:
> > "Cookie coming from localhost attempted to set domain to localhost"
> > That is cookie->domain and host were a match and yet it failed the
> > check_domain_match(cookie->domain, host)  call.
> > Is this a bug? I'll attempt getting and reading a stacktrace for the same
> > to get more information.
>
> Ángel already made it clear.
>
> > The sixth test in Test-cookies.px, is it meant to fail? My Perl is
> > terrible, and I've been trying to improve it. Does it mean that the
> > expected header for that cookie should NOT include "foo=bar"?
>
> Request #5 makes the server respond with a Cookie that does not match the
> request domain. This simulates a misbehaving server. Wget should ignore
> that
> cookie, which is tested in Request #6. "!Cookie" => qr|foo=bar|" means 'the
> Wget request must not contain a Cookie header containing foo=bar' (the
> server
> side checks that).
>
> Regards,
>
>       Tim Rühsen
>



-- 
Thanking You,
Darshit Shah
Research Lead, Code Innovation
Kill Code Phobia.
B.E.(Hons.) Mechanical Engineering, '14. BITS-Pilani.
TEDxBITSHyderabad:
Website: http://tedxbitshyderabad.com
Facebook Page: https://www.facebook.com/TedxBitsHyderabad

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] Wget expected behaviour on cookie mismatch, Darshit Shah, 2013/02/12
- Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Tim Ruehsen, 2013/02/12
  - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Darshit Shah, 2013/02/12
    - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Ángel González, 2013/02/12
    - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Darshit Shah, 2013/02/12
    - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Tim Ruehsen, 2013/02/13
    - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Darshit Shah <=
    - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Tim Ruehsen, 2013/02/13
    - Re: [Bug-wget] Wget expected behaviour on cookie mismatch, Darshit Shah, 2013/02/13

Prev by Date: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Next by Date: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Previous by thread: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Next by thread: Re: [Bug-wget] Wget expected behaviour on cookie mismatch
Index(es):
- Date
- Thread