[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] Implementing draft to update RFC6265

From: Kushagra Singh
Subject: [Bug-wget] Implementing draft to update RFC6265
Date: Tue, 19 Jan 2016 12:51:59 +0530


I am a second year student at studying CSE at IIIT Delhi. I was working on
implementing [1], suggested by Darnir so as to get a good understanding of
the wget source code.

The draft updates, section 5.3, Step 8 of RC6265, regarding the secure
parameter in the set cookie header.

The draft suggests that we should abort and not create a new cookie in case
the attribute value is "secure", and no secure protocol is present (no SSL).

Presently, in the function "parse_set_cookie", cookie->secure is set to 1,
ignoring the value in the "secure" attribute of the cookie-attribute-list
(line 443, cookies.c). Shouldn't the value of cookie->secure be set
according to the attribute value sent in the attribute-list?

Since the secure flag is always set, point 2 in the draft also becomes
irrelevant, since it suggests changes when the secure flag is not set.

I guess we should change the code so that it sets the cookie->secure flag
only in case the attribute-list says so. Or has this been done because of
some other reason?

I also am not sure how I can contribute code to wget. In the past I have
used Github, where I could fork, add code and send pull requests. I am a
bit unfamiliar with the way it is done for wget. I'll be grateful if
someone could help me out with this.

[1]: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone-04


reply via email to

[Prev in Thread] Current Thread [Next in Thread]