diff options
author | YAMADA Yasuharu <yasuharu.yamada@access-company.com> | 2013-05-18 22:51:31 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2013-05-18 22:54:48 +0200 |
commit | 04f52e9b4db01bcbf672c9c69303a4e4ad0d0fb9 (patch) | |
tree | 5289aab301b2404dc8576c219d0c7a5118f91b24 /tests/data/test1228 | |
parent | 100a33f7ff8bd7dec1fe4b50bed57626a86c6b87 (diff) |
cookies: only consider full path matches
I found a bug which cURL sends cookies to the path not to aim at.
For example:
- cURL sends a request to http://example.fake/hoge/
- server returns cookie which with path=/hoge;
the point is there is NOT the '/' end of path string.
- cURL sends a request to http://example.fake/hogege/ with the cookie.
The reason for this old "feature" is because that behavior is what is
described in the original netscape cookie spec:
http://curl.haxx.se/rfc/cookie_spec.html
The current cookie spec (RFC6265) clarifies the situation:
http://tools.ietf.org/html/rfc6265#section-5.2.4
Diffstat (limited to 'tests/data/test1228')
-rw-r--r-- | tests/data/test1228 | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/tests/data/test1228 b/tests/data/test1228 new file mode 100644 index 000000000..0a76b878c --- /dev/null +++ b/tests/data/test1228 @@ -0,0 +1,54 @@ +<testcase> +<info> +<keywords> +HTTP +HTTP GET +cookies +cookie path +</keywords> +</info> +<reply> +<data> +HTTP/1.1 200 OK +Date: Tue, 25 Sep 2001 19:37:44 GMT +Set-Cookie: path1=root; domain=.example.fake; path=/; +Set-Cookie: path2=depth1; domain=.example.fake; path=/hoge; +Content-Length: 34 + +This server says cookie path test +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> + <name> +HTTP cookie path match + </name> + <command> +http://example.fake/hoge/1228 http://example.fake/hogege/ -b nonexisting -x %HOSTIP:%HTTPPORT +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET http://example.fake/hoge/1228 HTTP/1.1
+Host: example.fake
+Accept: */*
+Proxy-Connection: Keep-Alive
+
+GET http://example.fake/hogege/ HTTP/1.1
+Host: example.fake
+Accept: */*
+Proxy-Connection: Keep-Alive
+Cookie: path1=root
+
+</protocol> +</verify> +</testcase> |