cookies: leave secure cookies alone

Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
author: Daniel Gustafsson <daniel@yesql.se> 2018-12-13 09:57:58 +0100
committer: Daniel Gustafsson <daniel@yesql.se> 2018-12-13 09:57:58 +0100
commit: 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree: 65ff353305bd1d837519f292bf934a498ae4ed13 /lib/setopt.c
parent: fdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/setopt.c b/lib/setopt.c
index 1627aba6d..01a890b39 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -803,12 +803,12 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option,
         if(checkprefix("Set-Cookie:", argptr))
           /* HTTP Header format line */
           Curl_cookie_add(data, data->cookies, TRUE, FALSE, argptr + 11, NULL,
-                          NULL);
+                          NULL, TRUE);
 
         else
           /* Netscape format line */
           Curl_cookie_add(data, data->cookies, FALSE, FALSE, argptr, NULL,
-                          NULL);
+                          NULL, TRUE);
 
         Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE);
         free(argptr);
author	Daniel Gustafsson <daniel@yesql.se>	2018-12-13 09:57:58 +0100
committer	Daniel Gustafsson <daniel@yesql.se>	2018-12-13 09:57:58 +0100
commit	7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree	65ff353305bd1d837519f292bf934a498ae4ed13 /lib/setopt.c
parent	fdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)