Re: [Bug-wget] Implementing draft to update RFC6265

[Darshit Shah]

That's no problem. Just mentioning it, so the thread stays alive and
we don't entirely forget about it.

On 3 February 2016 at 09:11, Kushagra Singh
<address@hidden> wrote:
> I'm out of town right now, I'll be able to get back to it in a couple of
> days. Sorry for the delay!
>
> Regards,
> Kushagra
>
>
> On Wed, 3 Feb 2016 13:39 Darshit Shah <address@hidden> wrote:
>>
>> That's fine. The patch was good.
>>
>> Now waiting on Kushagra's tests and his copyright assignment to go through
>>
>> On 1 February 2016 at 21:13, Tim Rühsen <address@hidden> wrote:
>> > Ups, just pushed your patch accidentially (thanks anyway).
>> > I wanted to wait for Darshit to confirm it...
>> >
>> > Regards, Tim
>> >
>> > Am Sonntag, 31. Januar 2016, 17:40:12 schrieb Ander Juaristi:
>> >> The test looks good to me, but I think I've spotted a bug _in the test
>> >> engine_ where the 'RejectHeader' rule doesn't get enforced.
>> >>
>> >> You can strip the 'secure' parameter from this testcase and still it
>> >> will
>> >> pass. I've written a patch to fix this.
>> >>
>> >> I.e. this:
>> >>
>> >> ---request begin---
>> >> GET /File2 HTTP/1.1
>> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
>> >> Accept: */*
>> >> Accept-Encoding: identity
>> >> Host: 127.0.0.1:44832
>> >> Connection: Keep-Alive
>> >> Cookie: sess-id=0213
>> >>
>> >> ---request end---
>> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016
>> >> 17:33:20]
>> >> "GET /File2 HTTP/1.1" 200 -
>> >>
>> >> ---response begin---
>> >> HTTP/1.1 200 OK
>> >> Server: BaseHTTP/0.6 Python/3.4.3+
>> >> Date: Sun, 31 Jan 2016 16:33:20 GMT
>> >> content-length: 29
>> >> content-type: text/plain
>> >>
>> >> versus this:
>> >>
>> >> ---request begin---
>> >> GET /File2 HTTP/1.1
>> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
>> >> Accept: */*
>> >> Accept-Encoding: identity
>> >> Host: 127.0.0.1:37251
>> >> Connection: Keep-Alive
>> >> Cookie: sess-id=0213
>> >>
>> >> ---request end---
>> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016
>> >> 17:34:18]
>> >> code 400, message Blacklisted Header Cookie received 127.0.0.1 - -
>> >> [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 -
>> >>
>> >> ---response begin---
>> >> HTTP/1.1 400 Blacklisted Header Cookie received
>> >> Server: BaseHTTP/0.6 Python/3.4.3+
>> >> Date: Sun, 31 Jan 2016 16:34:18 GMT
>> >> Content-Type: text/html;charset=utf-8
>> >> Connection: close
>> >> Content-Length: 483
>> >>
>> >> ---response end---
>> >> 400 Blacklisted Header Cookie received
>> >> Header Cookie received
>> >> URI content encoding = ‘utf-8’
>> >> Disabling further reuse of socket 3.
>> >> Closed fd 3
>> >> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received.
>> >>
>> >> On 01/30/2016 09:31 PM, Kushagra Singh wrote:
>> >> > Hi,
>> >> >
>> >> > I'm a bit stuck while writing tests. How do I test the fact that a
>> >> > secure
>> >> > only cookie does not get saved over an insecure connection? Even if
>> >> > the
>> >> > cookie gets saved, it will not be transmitted over an insecure
>> >> > connection
>> >> > (cookie_matches_url() ensures that). So even though I can see in the
>> >> > log
>> >> > that the cookie is not saved, I can't figure out how exactly to test
>> >> > that
>> >> > in the test suite, since I cannot check using RejectHeader. Please
>> >> > find
>> >> > attached the test I have written.
>> >> >
>> >> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS
>> >> > classes from " misc.constants", which is wrong. It should be imported
>> >> > from
>> >> > test.base_test right?
>> >> >
>> >> > Regards,
>> >> > Kushagra
>> >>
>> >> Regards,
>> >> - AJ
>> >
>> >
>>
>>
>>
>> --
>> Thanking You,
>> Darshit Shah
>>
>



-- 
Thanking You,
Darshit Shah