aboutsummaryrefslogtreecommitdiff
path: root/tests/data/test61
AgeCommit message (Collapse)Author
2018-12-13cookies: leave secure cookies aloneDaniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-08-31cookies: support creation-time attribute for cookiesDaniel Gustafsson
According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-03-12http: always send Host: header as first headerDaniel Stenberg
...after the method line: "Since the Host field-value is critical information for handling a request, a user agent SHOULD generate Host as the first header field following the request-line." / RFC 7230 section 5.4 Additionally, this will also make libcurl ignore multiple specified custom Host: headers and only use the first one. Test 1121 has been updated accordingly Bug: http://curl.haxx.se/bug/view.cgi?id=1491 Reported-by: Rainer Canavan
2014-09-10cookies: reject incoming cookies set for TLDsDaniel Stenberg
Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html
2012-07-03cookies: change the URL in the cookie jar file headerDaniel Stenberg
2010-12-23cookies: tricked dotcounter fixedDaniel Stenberg
Providing multiple dots in a series in the domain field (domain=..com) could trick the cookie engine to wrongly accept the cookie believing it to be fine. Since the tailmatching would then match all .com sites, the cookie would then be sent to all of them. The code now requires at least one letter between each dot for them to be counted. Edited test case 61 to verify this.
2009-05-10made the cookie tests 61 and 62 test httponly cookies, both receiving inDaniel Stenberg
headers and reading from cookie-jar
2008-10-23Tweaked a few tests to test proper Turkish locale handlingDan Fandrich
2008-08-28- I'm abandoning the system with the web site mirrors (but keeping downloadDaniel Stenberg
files bing mirrored) and thus I've changed the URL in the cookiejar header to no longer use curlm.haxx.se but instead use the main site curl.haxx.se
2007-07-10Force the time zone to GMT in the cookie tests in case the user isDan Fandrich
using one of the so-called 'right' time zones that take into account leap seconds, which causes the tests to fail (as reported by Daniel Black in bug report #1745964).
2007-02-05Year 2038 has its own problems (32 bit integer overflow).Yang Tse
So cookie expiration date is lowered to expire at most in 2035.
2007-02-02more fixes for the testsuite cookie expiration issueYang Tse
2007-02-02cookie expiration time got us with pants at our knees.Yang Tse
Next time in 2038 :-)
2007-01-23Convert (most of) the test data files into genuine XML. A handful stillDan Fandrich
are not, due mainly to the lack of support for XML character entities (e.g. & => &amp; ). This will make it easier to validate test files using tools like xmllint, as well as edit and view them using XML tools.
2006-09-27As reported in bug: #1566077 the former URL mentioned in the generated cookieDaniel Stenberg
jar has died and we now instead point out our own version of that
2005-05-24Andres Garcia's mode=text patch to make these do fine on WindowsDaniel Stenberg
2005-05-11Modified the default HTTP headers used by libcurl:Daniel Stenberg
A) Normal non-proxy HTTP: - no more "Pragma: no-cache" (this only makes sense to proxies) B) Non-CONNECT HTTP request over proxy: - "Pragma: no-cache" is used (like before) - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) C) CONNECT HTTP request over proxy: - "Host: [name]:[port]" - "Proxy-Connection: Keep-alive"
2005-04-22keywords addedDaniel Stenberg
2004-09-111. cookie expire-strings MUST use GMT timezonesDaniel Stenberg
2. adjusted date strings to upcoming date parser rewrite
2004-09-08Now the test servers and test cases can run on a custom port number. There'sDaniel Stenberg
no fixed port numbers in use anymore. Starting now, the default ports the servers use are 8990 - 8993. There's no option to modify these yet, but changing the $base option in the top of the runtests.pl script.
2004-02-09Modified the default HTTP Accept: header to only be Accept: */*Daniel Stenberg
2003-07-19modified to work fine with the new persistant connection working test suiteDaniel Stenberg
HTTP server
2003-05-02fixed the format slightlyDaniel Stenberg
2003-04-30Each test case now specifies which server(s) it needs, without relying on theDaniel Stenberg
test number.
2003-04-30ok, make the test run ok tooDaniel Stenberg
2003-04-30various new cookie tests with a custom Host: header setDaniel Stenberg