cookies: leave secure cookies alone

Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
author: Daniel Gustafsson <daniel@yesql.se> 2018-12-13 09:57:58 +0100
committer: Daniel Gustafsson <daniel@yesql.se> 2018-12-13 09:57:58 +0100
commit: 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree: 65ff353305bd1d837519f292bf934a498ae4ed13 /tests/data/test1155
parent: fdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/data/test1155 b/tests/data/test1155
index 9bf325460..3db824d58 100644
--- a/tests/data/test1155
+++ b/tests/data/test1155
@@ -14,7 +14,7 @@ cookies
 HTTP/1.1 200 OK
 Date: Thu, 09 Nov 2010 14:49:00 GMT
 Content-Length: 0
-Set-Cookie: domain=value;secure;path=/
+Set-Cookie: domain=value;path=/
 
 </data>
 </reply>
@@ -48,7 +48,7 @@ Accept: */*
 # https://curl.haxx.se/docs/http-cookies.html
 # This file was generated by libcurl! Edit at your own risk.
 
-127.0.0.1	FALSE	/	TRUE	0	domain	value
+127.0.0.1	FALSE	/	FALSE	0	domain	value
 </file>
 </verify>
 </testcase>
author	Daniel Gustafsson <daniel@yesql.se>	2018-12-13 09:57:58 +0100
committer	Daniel Gustafsson <daniel@yesql.se>	2018-12-13 09:57:58 +0100
commit	7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree	65ff353305bd1d837519f292bf934a498ae4ed13 /tests/data/test1155
parent	fdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)