[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Implementing draft to update RFC6265

From: Kushagra Singh
Subject: Re: [Bug-wget] Implementing draft to update RFC6265
Date: Sun, 24 Jan 2016 17:08:15 +0530

I have added the first two out the three recommendations in the draft. The
third one is relevant when cookies have to be removed in case the total
number of cookies hit a predefined upper bound, I'm not sure whether we
do that in wget?

As you mentioned, I had to change some method prototypes to get the uri
scheme. I made sure that I replaced all instances of those function calls
with the right call. The tests run fine, so hopefully I haven't broken

I am attaching the patch files, please review them.


On Sun, Jan 24, 2016 at 4:39 AM, Darshit Shah <address@hidden> wrote:

> On 23 January 2016 at 23:36, Kushagra Singh
> <address@hidden> wrote:
> > Thanks a lot for the help!
> >
> > I've made some progress, but have a couple of more questions
> >
> > - I can't manage to find the http-only-flag in the cookie struct, do we
> not
> > store this?
> Since Wget supports only HTTP, this is not required. The HttpOnly
> attribute prevents access to script code, but since Wget never
> executes them it is not necessary at all. Although, it may be a good
> idea to explicitly store the flag for Wget saves the cookies to a
> file. Maybe, we should add this.
> > - The draft asks to check whether the "scheme" component of the
> > "request-uri" denotes a secure protocol or not. Currently I am checking
> > using "#ifdef HAVE_SSL". I am not sure whether this is the right way to
> do
> > so, since having SSL with wget does not necessarily mean that the current
> > connection is secure.
> Ideally, a code base should have as few #ifdef statements as possible.
> They make reading the code very difficult for a human. That said, in
> this scenario it is the absolute wrong technique. You will want to
> access the scheme from the request URI. Find a way to access this
> information, you may need to change some method prototypes to make
> this happen.
> > - To check whether there exists a cookie whose domain, domain-matches the
> > domain of a new cookie, we should iterate through the chains returned by
> > find_chains_of_host right?
> That ought to work, I think.
> >
> > Regards,
> > Kush
> --
> Thanking You,
> Darshit Shah

Attachment: 0001-Added-recomendation-1-of-draft-west-leave-secure-coo.patch
Description: Text Data

Attachment: 0002-Redid-reccomendation-I-passing-url-scheme-to-cookie_.patch
Description: Text Data

Attachment: 0003-Added-recomendation-2.patch
Description: Text Data

Attachment: 0004-Moved-a-couple-of-methods-up-to-remove-unnecessary-p.patch
Description: Text Data

Attachment: 0005-Fixed-call-to-parse_set_cookie-in-cookie-tests.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]