Hi,
It seems that, according to sections 8.5 and 8.6 of RFC 6265, cookie
_acceptance and storage_ should not depend on the Path attribute being
a prefix of the request-uri.
Attached, a patch to fix this.
--
Sylvain
--- a/src/LYCookie.c
+++ b/src/LYCookie.c
@@ -371,7 +371,6 @@
BOOL Replacement = FALSE;
int invprompt_reasons = 0; /* what is wrong with this cookie - kw */
-#define FAILS_COND1 0x01
#define FAILS_COND4 0x02
if (co == NULL)
@@ -397,38 +396,6 @@
cookie_list = de->cookie_list;
/*
- * Apply sanity checks.
- *
- * Section 4.3.2, condition 1: The value for the Path attribute is
- * not a prefix of the request-URI.
- *
- * If cookie checking for this domain is set to INVCHECK_LOOSE,
- * then we want to bypass this check. The user should be queried
- * if set to INVCHECK_QUERY.
- */
- if (!is_prefix(co->path, path)) {
- invcheck_behaviour_t invcheck_bv = (de ? de->invcheck_bv
- : DEFAULT_INVCHECK_BV);
-
- switch (invcheck_bv) {
- case INVCHECK_LOOSE:
- break; /* continue as if nothing were wrong */
-
- case INVCHECK_QUERY:
- /* will prompt later if we get that far */
- invprompt_reasons |= FAILS_COND1;
- break;
-
- case INVCHECK_STRICT:
- CTrace((tfp,
- "store_cookie: Rejecting because '%s' is not a prefix of
'%s'.\n",
- co->path, path));
- freeCookie(co);
- return;
- }
- }
-
- /*
* The next 4 conditions do NOT apply if the domain is still
* the default of request-host. (domains - case insensitive).
*/
@@ -543,19 +510,6 @@
freeCookie(co);
FREE(msg);
return;
- }
- }
- if (invprompt_reasons & FAILS_COND1) {
- HTSprintf0(&msg,
- INVALID_COOKIE_PATH_CONFIRMATION,
- co->path, path);
- if (!HTForcedPrompt(cookie_noprompt, msg, NO)) {
- CTrace((tfp,
- "store_cookie: Rejecting because '%s' is not a prefix
of '%s'.\n",
- co->path, path));
- freeCookie(co);
- FREE(msg);
- return;
}
}
FREE(msg);