[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Implementing draft to update RFC6265
From: |
Ander Juaristi |
Subject: |
Re: [Bug-wget] Implementing draft to update RFC6265 |
Date: |
Sun, 31 Jan 2016 17:40:12 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
The test looks good to me, but I think I've spotted a bug _in the test engine_
where the 'RejectHeader' rule doesn't get enforced.
You can strip the 'secure' parameter from this testcase and still it will pass.
I've written a patch to fix this.
I.e. this:
---request begin---
GET /File2 HTTP/1.1
User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 127.0.0.1:44832
Connection: Keep-Alive
Cookie: sess-id=0213
---request end---
HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:33:20] "GET
/File2 HTTP/1.1" 200 -
---response begin---
HTTP/1.1 200 OK
Server: BaseHTTP/0.6 Python/3.4.3+
Date: Sun, 31 Jan 2016 16:33:20 GMT
content-length: 29
content-type: text/plain
versus this:
---request begin---
GET /File2 HTTP/1.1
User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Host: 127.0.0.1:37251
Connection: Keep-Alive
Cookie: sess-id=0213
---request end---
HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:34:18]
code 400, message Blacklisted Header Cookie received
127.0.0.1 - - [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 -
---response begin---
HTTP/1.1 400 Blacklisted Header Cookie received
Server: BaseHTTP/0.6 Python/3.4.3+
Date: Sun, 31 Jan 2016 16:34:18 GMT
Content-Type: text/html;charset=utf-8
Connection: close
Content-Length: 483
---response end---
400 Blacklisted Header Cookie received
Header Cookie received
URI content encoding = ‘utf-8’
Disabling further reuse of socket 3.
Closed fd 3
2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received.
On 01/30/2016 09:31 PM, Kushagra Singh wrote:
Hi,
I'm a bit stuck while writing tests. How do I test the fact that a secure
only cookie does not get saved over an insecure connection? Even if the
cookie gets saved, it will not be transmitted over an insecure connection
(cookie_matches_url() ensures that). So even though I can see in the log
that the cookie is not saved, I can't figure out how exactly to test that
in the test suite, since I cannot check using RejectHeader. Please find
attached the test I have written.
And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS
classes from " misc.constants", which is wrong. It should be imported from
test.base_test right?
Regards,
Kushagra
Regards,
- AJ
0001-Enforce-RejectHeader-rule.patch
Description: Text Data
- Re: [Bug-wget] Implementing draft to update RFC6265, (continued)
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/01/26
- Re: [Bug-wget] Implementing draft to update RFC6265, Tim Ruehsen, 2016/01/27
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/01/27
- Re: [Bug-wget] Implementing draft to update RFC6265, Tim Ruehsen, 2016/01/27
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/01/27
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/01/27
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/01/29
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/01/29
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/01/29
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/01/30
- Re: [Bug-wget] Implementing draft to update RFC6265,
Ander Juaristi <=
- Re: [Bug-wget] Implementing draft to update RFC6265, Ander Juaristi, 2016/01/31
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/01/31
- Re: [Bug-wget] Implementing draft to update RFC6265, Tim Rühsen, 2016/01/30
- Re: [Bug-wget] Implementing draft to update RFC6265, Tim Rühsen, 2016/01/30
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/01/27