aboutsummaryrefslogtreecommitdiff
path: root/tests/data/test8
AgeCommit message (Collapse)Author
2018-08-31cookies: support creation-time attribute for cookiesDaniel Gustafsson
According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read fro the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match. Closes #2524
2016-02-08cookies: allow spaces in cookie names, cut of trailing spacesDaniel Stenberg
It turns out Firefox and Chrome both allow spaces in cookie names and there are sites out there using that. Turned out the code meant to strip off trailing space from cookie names didn't work. Fixed now. Test case 8 modified to verify both these changes. Closes #639
2014-09-10cookies: only use full host matches for hosts used as IP addressTim Ruehsen
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others. CVE-2014-3613 Bug: http://curl.haxx.se/docs/adv_20140910A.html
2013-05-18cookies: only consider full path matchesYAMADA Yasuharu
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2012-11-19Let test 8 work as long as %HOSTIP ends with ".0.0.1"Fabian Keil
.. and add a precheck to skip the test otherwise.
2010-02-03cookies with same path length might get sorted in different order whenYang Tse
using different qsort implementations. In order to make this test give same results on different systems, paths now have different lengths.
2010-01-20modified test case 8 to also make sure that we deal with cookies usingDaniel Stenberg
identical names but different paths properly
2010-01-19- As was pointed out on the http-state mailing list, the order of cookies in aDaniel Stenberg
HTTP Cookie: header _needs_ to be sorted on the path length in the cases where two cookies using the same name are set more than once using (overlapping) paths. Realizing this, identically named cookies must be sorted correctly. But detecting only identically named cookies and take care of them individually is harder than just to blindly and unconditionally sort all cookies based on their path lengths. All major browsers also already do this, so this makes our behavior one step closer to them in the cookie area. Test case 8 was the only one that broke due to this change and I updated it accordingly.
2009-10-25- Dima Barsky made the curl cookie parser accept cookies even with blank orDaniel Stenberg
unparsable expiry dates and then treat them as session cookies - previously libcurl would reject cookies with a date format it couldn't parse. Research shows that the major browser treat such cookies as session cookies. I modified test 8 and 31 to verify this.
2009-05-25- bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointedDaniel Stenberg
out that the cookie parser would leak memory when it parses cookies that are received with domain, path etc set multiple times in the same header. While such a cookie is questionable, they occur in the wild and libcurl no longer leaks memory for them. I added such a header to test case 8.
2007-09-14Replaced 127.0.0.1 with %HOSTIP where possibleDan Fandrich
2007-01-23Convert (most of) the test data files into genuine XML. A handful stillDan Fandrich
are not, due mainly to the lack of support for XML character entities (e.g. & => & ). This will make it easier to validate test files using tools like xmllint, as well as edit and view them using XML tools.
2006-07-08Ates Goral pointed out that libcurl's cookie parser did case insensitiveDaniel Stenberg
string comparisons on the path which is incorrect and provided a patch that fixes this. I edited test case 8 to include details that test for this.
2005-05-11Modified the default HTTP headers used by libcurl:Daniel Stenberg
A) Normal non-proxy HTTP: - no more "Pragma: no-cache" (this only makes sense to proxies) B) Non-CONNECT HTTP request over proxy: - "Pragma: no-cache" is used (like before) - "Proxy-Connection: Keep-alive" (for older style 1.0-proxies) C) CONNECT HTTP request over proxy: - "Host: [name]:[port]" - "Proxy-Connection: Keep-alive"
2005-04-16keywords addedDaniel Stenberg
2005-04-16keywords addedDaniel Stenberg
2005-01-25A minor "syntax error" in numerous test files correctedDaniel Stenberg
2004-09-08Now the test servers and test cases can run on a custom port number. There'sDaniel Stenberg
no fixed port numbers in use anymore. Starting now, the default ports the servers use are 8990 - 8993. There's no option to modify these yet, but changing the $base option in the top of the runtests.pl script.
2004-02-09Modified the default HTTP Accept: header to only be Accept: */*Daniel Stenberg
2003-07-19modified to work fine with the new persistant connection working test suiteDaniel Stenberg
HTTP server
2003-04-30Each test case now specifies which server(s) it needs, without relying on theDaniel Stenberg
test number.
2001-08-24cookies are stored in the reversed order now (which in turn means thatDaniel Stenberg
the order is _not_ actually reversed like it used to be)
2001-05-28test case converted to the new file formatDaniel Stenberg