[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Implementing draft to update RFC6265
|
From: |
Tim Rühsen |
|
Subject: |
Re: [Bug-wget] Implementing draft to update RFC6265 |
|
Date: |
Mon, 01 Feb 2016 21:13:03 +0100 |
|
User-agent: |
KMail/4.14.10 (Linux/4.3.0-1-amd64; KDE/4.14.14; x86_64; ; ) |
Ups, just pushed your patch accidentially (thanks anyway).
I wanted to wait for Darshit to confirm it...
Regards, Tim
Am Sonntag, 31. Januar 2016, 17:40:12 schrieb Ander Juaristi:
> The test looks good to me, but I think I've spotted a bug _in the test
> engine_ where the 'RejectHeader' rule doesn't get enforced.
>
> You can strip the 'secure' parameter from this testcase and still it will
> pass. I've written a patch to fix this.
>
> I.e. this:
>
> ---request begin---
> GET /File2 HTTP/1.1
> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
> Accept: */*
> Accept-Encoding: identity
> Host: 127.0.0.1:44832
> Connection: Keep-Alive
> Cookie: sess-id=0213
>
> ---request end---
> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:33:20]
> "GET /File2 HTTP/1.1" 200 -
>
> ---response begin---
> HTTP/1.1 200 OK
> Server: BaseHTTP/0.6 Python/3.4.3+
> Date: Sun, 31 Jan 2016 16:33:20 GMT
> content-length: 29
> content-type: text/plain
>
> versus this:
>
> ---request begin---
> GET /File2 HTTP/1.1
> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
> Accept: */*
> Accept-Encoding: identity
> Host: 127.0.0.1:37251
> Connection: Keep-Alive
> Cookie: sess-id=0213
>
> ---request end---
> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:34:18]
> code 400, message Blacklisted Header Cookie received 127.0.0.1 - -
> [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 -
>
> ---response begin---
> HTTP/1.1 400 Blacklisted Header Cookie received
> Server: BaseHTTP/0.6 Python/3.4.3+
> Date: Sun, 31 Jan 2016 16:34:18 GMT
> Content-Type: text/html;charset=utf-8
> Connection: close
> Content-Length: 483
>
> ---response end---
> 400 Blacklisted Header Cookie received
> Header Cookie received
> URI content encoding = ‘utf-8’
> Disabling further reuse of socket 3.
> Closed fd 3
> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received.
>
> On 01/30/2016 09:31 PM, Kushagra Singh wrote:
> > Hi,
> >
> > I'm a bit stuck while writing tests. How do I test the fact that a secure
> > only cookie does not get saved over an insecure connection? Even if the
> > cookie gets saved, it will not be transmitted over an insecure connection
> > (cookie_matches_url() ensures that). So even though I can see in the log
> > that the cookie is not saved, I can't figure out how exactly to test that
> > in the test suite, since I cannot check using RejectHeader. Please find
> > attached the test I have written.
> >
> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS
> > classes from " misc.constants", which is wrong. It should be imported from
> > test.base_test right?
> >
> > Regards,
> > Kushagra
>
> Regards,
> - AJ
- Re: [Bug-wget] Implementing draft to update RFC6265, Tim Ruehsen, 2016/02/01
- Re: [Bug-wget] Implementing draft to update RFC6265,
Tim Rühsen <=
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/02/03
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/02/03
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/02/03
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/02/08
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/02/08
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/02/10
- Re: [Bug-wget] Implementing draft to update RFC6265, Darshit Shah, 2016/02/11
- Re: [Bug-wget] Implementing draft to update RFC6265, Kushagra Singh, 2016/02/13