path: root/tests/data/test31
Age | Commit message | Author
2018-12-13 | cookies: leave secure cookies alone | Daniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265.
Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-08-31 | cookies: support creation-time attribute for cookies | Daniel Gustafsson
According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read from the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match.
Closes #2524
2017-05-13 | tests: made a couple of prechecks consistent with others | Dan Fandrich
Also removed a TODO suggesting caching the precheck results. Tests showed this would save about 0.1 sec on the total test run time on a relatively modern system, an unnoticeable gain at the cost of longer and more complicated code. There would also be a danger that a cached test result would be inappropriately returned, such as when other test dependencies (like environment variables) are different or when the precheck causes side effects (like filesystem changes).
2016-02-03 | URLs: change all http:// URLs to https:// | Daniel Stenberg
2015-04-01 | cookie: handle spaces after the name in Set-Cookie | Daniel Stenberg
"name =value" is fine and the space should just be skipped. Updated test 31 to also test for this.
Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts
2014-09-10 | cookies: only use full host matches for hosts used as IP address | Tim Ruehsen
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others.
CVE-2014-3613
Bug: http://curl.haxx.se/docs/adv_20140910A.html
2013-06-12 | cookies: follow-up fix for path checking | YAMADA Yasuharu
The initial fix to only compare full path names was done in commit 04f52e9b4db0 but found out to be incomplete. This take should make the change more complete and there's now two additional tests to verify (test 31 and 62).
2012-11-19 | Add a HOSTIP precheck for tests 31 and 1105 | Fabian Keil
They currently only work for 127.0.0.1 which is hardcoded and can't be easily changed.
2012-11-19 | Use carriage returns in all headers in test 31 | Fabian Keil
Trailing spaces were left unmodified, assuming they were intentional.
2012-07-03 | cookies: change the URL in the cookie jar file header | Daniel Stenberg
2011-08-09 | cookie parser: handle 'secure=' | Daniel Stenberg
There are two keywords in cookie headers that don't follow the regular name=value style: secure and httponly. Still we must support that they are written like 'secure=' and then treat them as if they were written 'secure'. Test case 31 was much extended by Rob Ward to test this.
Bug: http://curl.haxx.se/bug/view.cgi?id=3349227
Reported by: "gnombat"
2009-10-25 | - Dima Barsky made the curl cookie parser accept cookies even with blank or | Daniel Stenberg
unparsable expiry dates and then treat them as session cookies - previously libcurl would reject cookies with a date format it couldn't parse. Research shows that the major browsers treat such cookies as session cookies. I modified test 8 and 31 to verify this.
2008-08-28 | - I'm abandoning the system with the web site mirrors (but keeping download | Daniel Stenberg
files being mirrored) and thus I've changed the URL in the cookiejar header to no longer use curlm.haxx.se but instead use the main site curl.haxx.se
2008-01-31 | - Niklas Angebrand made the cookie support in libcurl properly deal with the | Daniel Stenberg
"HttpOnly" feature introduced by Microsoft and apparently also supported by Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly is now supported when received from servers in HTTP headers, when written to cookie jars and when read from existing cookie jars.
2007-09-14 | Replaced 127.0.0.1 with %HOSTIP where possible | Dan Fandrich
2007-07-10 | Force the time zone to GMT in the cookie tests in case the user is | Dan Fandrich
using one of the so-called 'right' time zones that take into account leap seconds, which causes the tests to fail (as reported by Daniel Black in bug report #1745964).
2007-02-05 | Year 2038 has its own problems (32 bit integer overflow). | Yang Tse
So cookie expiration date is lowered to expire at most in 2035.
2007-02-02 | more fixes for the testsuite cookie expiration issue | Yang Tse
2007-02-02 | cookie expiration time got us with pants at our knees. | Yang Tse
Next time in 2038 :-)
2007-01-23 | Convert (most of) the test data files into genuine XML. A handful still | Dan Fandrich
are not, due mainly to the lack of support for XML character entities (e.g. & => &amp; ). This will make it easier to validate test files using tools like xmllint, as well as edit and view them using XML tools.
2006-09-27 | As reported in bug: #1566077 the former URL mentioned in the generated cookie | Daniel Stenberg
jar has died and we now instead point out our own version of that
2005-05-11 | Modified the default HTTP headers used by libcurl: | Daniel Stenberg
A) Normal non-proxy HTTP:
   - no more "Pragma: no-cache" (this only makes sense to proxies)
B) Non-CONNECT HTTP request over proxy:
   - "Pragma: no-cache" is used (like before)
   - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies)
C) CONNECT HTTP request over proxy:
   - "Host: [name]:[port]"
   - "Proxy-Connection: Keep-alive"
2005-04-28 | Set mode text on the section that is written by curl in text mode, to allow | Daniel Stenberg
the runtests.pl to check this differently on operating systems that differentiate on this.
2005-04-16 | keywords added | Daniel Stenberg
2005-01-25 | A minor "syntax error" in numerous test files corrected | Daniel Stenberg
2004-09-11 | 1. cookie expire-strings MUST use GMT timezones | Daniel Stenberg
2. adjusted date strings to upcoming date parser rewrite
2004-09-08 | Now the test servers and test cases can run on a custom port number. There's | Daniel Stenberg
no fixed port numbers in use anymore. Starting now, the default ports the servers use are 8990 - 8993. There's no option to modify these yet, but changing the $base option in the top of the runtests.pl script.
2004-02-09 | Modified the default HTTP Accept: header to only be Accept: */* | Daniel Stenberg
2003-07-19 | modified to work fine with the new persistent connection working test suite | Daniel Stenberg
HTTP server
2003-04-30 | Each test case now specifies which server(s) it needs, without relying on the | Daniel Stenberg
test number.
2003-04-30 | modified to work with modified code | Daniel Stenberg
2002-07-29 | extended and improved cookie testing | Daniel Stenberg
2002-02-27 | use the correct time in the cookie jar | Daniel Stenberg
2002-02-26 | new field1 functionality testing too | Daniel Stenberg
2002-02-26 | test 31: "HTTP with weirdly formatted cookies and cookiejar storage" | Daniel Stenberg