diff options
| author | Daniel Gustafsson <daniel@yesql.se> | 2018-12-13 09:57:58 +0100 |
|---|---|---|
| committer | Daniel Gustafsson <daniel@yesql.se> | 2018-12-13 09:57:58 +0100 |
| commit | 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch) | |
| tree | 65ff353305bd1d837519f292bf934a498ae4ed13 /lib/cookie.h | |
| parent | fdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff) | |
cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.
Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Diffstat (limited to 'lib/cookie.h')
| -rw-r--r-- | lib/cookie.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/cookie.h b/lib/cookie.h index a9f90ca71..3ee457c62 100644 --- a/lib/cookie.h +++ b/lib/cookie.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -85,7 +85,8 @@ struct Curl_easy; struct Cookie *Curl_cookie_add(struct Curl_easy *data, struct CookieInfo *, bool header, bool noexpiry, char *lineptr, - const char *domain, const char *path); + const char *domain, const char *path, + bool secure); struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *, const char *, bool); |