aboutsummaryrefslogtreecommitdiff
path: root/tests/data/test1561
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2018-12-13 09:57:58 +0100
committerDaniel Gustafsson <daniel@yesql.se>2018-12-13 09:57:58 +0100
commit7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree65ff353305bd1d837519f292bf934a498ae4ed13 /tests/data/test1561
parentfdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)
cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Diffstat (limited to 'tests/data/test1561')
-rw-r--r--tests/data/test156186
1 files changed, 86 insertions, 0 deletions
diff --git a/tests/data/test1561 b/tests/data/test1561
new file mode 100644
index 000000000..356dc94e4
--- /dev/null
+++ b/tests/data/test1561
@@ -0,0 +1,86 @@
+<testcase>
+<info>
+<keywords>
+HTTPS
+HTTP
+HTTP GET
+cookies
+cookiejar
+HTTP replaced headers
+</keywords>
+</info>
+
+# Server-side
+<reply>
+<data1>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Set-Cookie: super=secret; domain=example.com; path=/1561; secure;
+Set-Cookie: supersuper=secret; domain=example.com; path=/1561/login/; secure;
+Content-Length: 7
+
+nomnom
+</data1>
+<data2>
+HTTP/1.1 200 OK
+Date: Thu, 09 Nov 2010 14:49:00 GMT
+Server: test-server/fake
+Set-Cookie: super=secret; domain=example.com; path=/1561; httponly;
+Set-Cookie: super=secret; domain=example.com; path=/1561/; httponly;
+Set-Cookie: super=secret; domain=example.com; path=/15; httponly;
+Set-Cookie: public=yes; domain=example.com; path=/foo;
+Set-Cookie: supersuper=secret; domain=example.com; path=/1561/login/en;
+Set-Cookie: supersuper=secret; domain=example.com; path=/1561/login;
+Set-Cookie: secureoverhttp=yes; domain=example.com; path=/1561; secure;
+Content-Length: 7
+
+nomnom
+</data2>
+</reply>
+
+# Client-side
+<client>
+<features>
+SSL
+</features>
+<server>
+http
+https
+</server>
+<name>
+HTTP
+</name>
+<command>
+-k https://%HOSTIP:%HTTPSPORT/15610001 -L -c log/jar1561.txt -H "Host: www.example.com" http://%HOSTIP:%HTTPPORT/15610002 -L -c log/jar1561.txt -H "Host: www.example.com"
+</command>
+</client>
+<verify>
+<strip>
+^User-Agent:.*
+</strip>
+<protocol>
+GET /15610001 HTTP/1.1
+Host: www.example.com
+User-Agent: curl/7.62.0-DEV
+Accept: */*
+
+GET /15610002 HTTP/1.1
+Host: www.example.com
+User-Agent: curl/7.62.0-DEV
+Accept: */*
+
+</protocol>
+<file name="log/jar1561.txt" mode="text">
+# Netscape HTTP Cookie File
+# https://curl.haxx.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+.example.com TRUE /foo FALSE 0 public yes
+.example.com TRUE /1561/login/ TRUE 0 supersuper secret
+#HttpOnly_.example.com TRUE /15 FALSE 0 super secret
+</file>
+
+</verify>
+
+</testcase>