author | Daniel Stenberg <daniel@haxx.se> | 2019-01-09 10:11:58 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2019-01-10 10:31:06 +0100 |
commit | afeb8d99022255279ee63125f2fa0f69810ce9c3 (patch) | |
tree | bfb795c8cab8f4e6357ce46e9144132e160e5e84 | |
parent | 4c35574bb785ce44d72db5483541c9da2d885705 (diff) |
cookies: allow secure override when done over HTTPS
Added test 1562 to verify.
Reported-by: Jeroen Ooms
Fixes #3445
Closes #3450
-rw-r--r-- | lib/cookie.c | 4 | ||||
-rw-r--r-- | tests/data/Makefile.inc | 2 | ||||
-rw-r--r-- | tests/data/test1562 | 72 |
3 files changed, 75 insertions, 3 deletions
diff --git a/lib/cookie.c b/lib/cookie.c
index f52c30840..dfa66ee7f 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -5,7 +5,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -951,7 +951,7 @@ Curl_cookie_add(struct Curl_easy *data,
 /* the domains were identical */
 if(clist->spath && co->spath) {
- if(clist->secure && !co->secure) {
+ if(clist->secure && !co->secure && !secure) {
 size_t cllen;
 const char *sep;
diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc
index 0d58b2d08..79bbc657d 100644
--- a/tests/data/Makefile.inc
+++ b/tests/data/Makefile.inc
@@ -177,7 +177,7 @@ test1533 test1534 test1535 test1536 test1537 test1538 \
 test1540 \
 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \
 \
-test1560 test1561 \
+test1560 test1561 test1562 \
 \
 test1590 test1591 test1592 \
 \
diff --git a/tests/data/test1562 b/tests/data/test1562
new file mode 100644
index 000000000..59cb9ccba
--- /dev/null
+++ b/tests/data/test1562
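Review bot: The new `!secure` term in `if(clist->secure && !co->secure && !secure) {` (second hunk of lib/cookie.c) makes the protection of stored secure cookies depend entirely on a flag whose declaration and callers are outside this hunk, and nothing at the check says what it means. With `clist->secure`, `co->secure` and a bare `secure` side by side, a comment such as `/* a cookie without the secure attribute may only replace a secure one when it arrives over a secure origin (the 'secure' argument) */` would make the three roles explicit. Presumably `secure` is true only when the transfer used HTTPS; it is worth confirming that every caller of Curl_cookie_add, including any path that adds cookies from somewhere other than a response header, passes a value that reflects the real transport, because a caller that always passes TRUE would skip this check. The body of Curl_cookie_add begins and ends outside the hunk.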
@@ -0,0 +1,72 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP
+HTTP GET
+cookies
+HTTP replaced headers
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data1>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Set-Cookie: foo=123; path=/; secure;
+Content-Length: 7
+
+nomnom
+</data1>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Set-Cookie: foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
+Content-Length: 7
+
+nomnom
+</data2>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+http
+https
+</server>
+<name>
+Expire secure cookies over HTTPS
+</name>
+<command>
+-k https://%HOSTIP:%HTTPSPORT/15620001 -H "Host: www.example.com" https://%HOSTIP:%HTTPSPORT/15620002 -b "non-existing" https://%HOSTIP:%HTTPSPORT/15620001
+</command>
+</client>
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /15620001 HTTP/1.1
+Host: www.example.com
+Accept: */*
+
+GET /15620002 HTTP/1.1
+Host: www.example.com
+Accept: */*
+Cookie: foo=123
+
+GET /15620001 HTTP/1.1
+Host: www.example.com
+Accept: */*
+
+</protocol>
+
+</verify>
+
+</testcase> |
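Review bot: All three requests in `<command>` go to `https://` URLs, so this case pins the newly allowed override but not the branch the check must still enforce: a response received over plain HTTP must not be able to expire or replace `foo` once it has been stored with `secure`. Unless a neighbouring test already covers that, consider a companion case that sends the second request over `http://` and expects a later HTTPS request to still carry `Cookie: foo=123`. A short `#` comment above `<data2>` saying that its Set-Cookie deliberately omits `secure` would also make the intent of the test clear to the next reader.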