Re: [Bug-wget] Implementing draft to update RFC6265

[Kushagra Singh]

I'm out of town right now, I'll be able to get back to it in a couple of
days. Sorry for the delay!

Regards,
Kushagra

On Wed, 3 Feb 2016 13:39 Darshit Shah <address@hidden> wrote:

> That's fine. The patch was good.
>
> Now waiting on Kushagra's tests and his copyright assignment to go through
>
> On 1 February 2016 at 21:13, Tim Rühsen <address@hidden> wrote:
> > Ups, just pushed your patch accidentially (thanks anyway).
> > I wanted to wait for Darshit to confirm it...
> >
> > Regards, Tim
> >
> > Am Sonntag, 31. Januar 2016, 17:40:12 schrieb Ander Juaristi:
> >> The test looks good to me, but I think I've spotted a bug _in the test
> >> engine_ where the 'RejectHeader' rule doesn't get enforced.
> >>
> >> You can strip the 'secure' parameter from this testcase and still it
> will
> >> pass. I've written a patch to fix this.
> >>
> >> I.e. this:
> >>
> >> ---request begin---
> >> GET /File2 HTTP/1.1
> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
> >> Accept: */*
> >> Accept-Encoding: identity
> >> Host: 127.0.0.1:44832
> >> Connection: Keep-Alive
> >> Cookie: sess-id=0213
> >>
> >> ---request end---
> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016
> 17:33:20]
> >> "GET /File2 HTTP/1.1" 200 -
> >>
> >> ---response begin---
> >> HTTP/1.1 200 OK
> >> Server: BaseHTTP/0.6 Python/3.4.3+
> >> Date: Sun, 31 Jan 2016 16:33:20 GMT
> >> content-length: 29
> >> content-type: text/plain
> >>
> >> versus this:
> >>
> >> ---request begin---
> >> GET /File2 HTTP/1.1
> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
> >> Accept: */*
> >> Accept-Encoding: identity
> >> Host: 127.0.0.1:37251
> >> Connection: Keep-Alive
> >> Cookie: sess-id=0213
> >>
> >> ---request end---
> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016
> 17:34:18]
> >> code 400, message Blacklisted Header Cookie received 127.0.0.1 - -
> >> [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 -
> >>
> >> ---response begin---
> >> HTTP/1.1 400 Blacklisted Header Cookie received
> >> Server: BaseHTTP/0.6 Python/3.4.3+
> >> Date: Sun, 31 Jan 2016 16:34:18 GMT
> >> Content-Type: text/html;charset=utf-8
> >> Connection: close
> >> Content-Length: 483
> >>
> >> ---response end---
> >> 400 Blacklisted Header Cookie received
> >> Header Cookie received
> >> URI content encoding = ‘utf-8’
> >> Disabling further reuse of socket 3.
> >> Closed fd 3
> >> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received.
> >>
> >> On 01/30/2016 09:31 PM, Kushagra Singh wrote:
> >> > Hi,
> >> >
> >> > I'm a bit stuck while writing tests. How do I test the fact that a
> secure
> >> > only cookie does not get saved over an insecure connection? Even if
> the
> >> > cookie gets saved, it will not be transmitted over an insecure
> connection
> >> > (cookie_matches_url() ensures that). So even though I can see in the
> log
> >> > that the cookie is not saved, I can't figure out how exactly to test
> that
> >> > in the test suite, since I cannot check using RejectHeader. Please
> find
> >> > attached the test I have written.
> >> >
> >> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS
> >> > classes from " misc.constants", which is wrong. It should be imported
> from
> >> > test.base_test right?
> >> >
> >> > Regards,
> >> > Kushagra
> >>
> >> Regards,
> >> - AJ
> >
> >
>
>
>
> --
> Thanking You,
> Darshit Shah
>
>