Package: w3m Version: 0.5.1-5 "This cookie was rejected to prevent security violation. [wrong number of dots]"
W3m rejects cookies for domain.tld (versus subdomain.domain.tld) unless when tld is one of .com, .edu, .gov, .mil, .net, .org and .int. This is done on the assumption that others TLD follow the .jp domain.subtld.tld model: .co.jp for commercial sites, .ac.jp for academic sites, and so on. The reason to reject such cookies is to prevent malicious sites from putting cookies on whole subdomains, which would be akin tu putting cookies on the whole .com or .org TLD. But the assumption is wrong: a lot of country code TLD do not follow this policy (including .jp, nowadays), and the hardcoded list of generic TLD in w3m is incomplete. That makes browsing some sites very annoying, due to a lot of rejected cookies (each pausing for some time, if cookies are displayed), and sometimes impossible (if the site is badly written). The code is in cookie.c, lines 302 to 313, where the special_domain variable is used. For the record, in Firefox, the corresponding feature seems to be in toolkit/components/places/src/nsNavHistory.cpp (with a "This should be moved somewhere else (like cookies)" comment), near the end, with a hardcoded list of ccTLD with subtld policy. The complete hardcoded list is .uk and .kr. Therefore, the simplest would be to simply remove this test, and accept unconditionally cookies for domain.tld. Regards, -- Nicolas George Irrelevant system information: Debian Etch up to date Linux she-seel 2.6.17.8-she-seel #1 PREEMPT Wed Aug 9 12:24:43 CEST 2006 x86_64 GNU/Linux libc6 2.3.6.ds1-4 libgc1c2 6.7-2 libgpmg1 1.19.6-22 libncurses5 5.5-2 libssl0.9.8 0.9.8b-2 zlib1g 1.2.3-13
signature.asc
Description: Digital signature
