From e6522522f96ad96b459e608c6cdcd46a32099b5b Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Sun, 17 Feb 2019 00:09:30 +0100 Subject: cookie: Add support for cookie prefixes The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft. Closes #3554 Reviewed-by: Daniel Stenberg --- docs/HTTP-COOKIES.md | 11 +++++++++-- docs/ROADMAP.md | 10 ---------- 2 files changed, 9 insertions(+), 12 deletions(-) (limited to 'docs') diff --git a/docs/HTTP-COOKIES.md b/docs/HTTP-COOKIES.md index 66e39d232..632cb4ebe 100644 --- a/docs/HTTP-COOKIES.md +++ b/docs/HTTP-COOKIES.md @@ -18,9 +18,16 @@ original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally - published and details how cookies work within HTTP. In 2017, an update was + published and details how cookies work within HTTP. In 2016, an update which + added support for prefixes was + [proposed](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00), + and in 2017, another update was [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01) - to deprecate modification of 'secure' cookies from non-secure origins. + to deprecate modification of 'secure' cookies from non-secure origins. Both + of these drafs have been incorporated into a proposal to + [replace](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02) + RFC6265. Cookie prefixes and secure cookie modification protection has been + implemented by curl. ## Cookies saved to disk diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md index 497c45b54..cbcaa2235 100644 --- a/docs/ROADMAP.md +++ b/docs/ROADMAP.md @@ -10,16 +10,6 @@ QUIC See the [QUIC wiki page](https://github.com/curl/curl/wiki/QUIC). -HTTP cookies ------------- - -On top of what we already support, the prefix cookie draft has been adopted by -the httpwg in IETF and we should support it as the popular browsers will: - -[Cookie Prefixes](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00) - -[Firefox bug report about secure cookies](https://bugzilla.mozilla.org/show_bug.cgi?id=976073) - SRV records ----------- -- cgit v1.2.3