From 98ee12bc356e2635858049ba5e69a62bb7e5e9c2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 4 Aug 2003 23:05:57 +0000
Subject:   Jan Sundin reported a case where curl ignored a cookie that
 browsers don't,   which turned up to be due to the number of dots in the
 'domain'. I've now   made curl follow the the original netscape cookie spec
 less strict on that   part.

---
 lib/cookie.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/cookie.c b/lib/cookie.c
index c9883594c..03065f909 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c,
                 break;
               }
             }
-            if(dotcount < 3) {
+            /* The original Netscape cookie spec defined that this domain name
+               MUST have three dots (or two if one of the seven holy TLDs),
+               but it seems that these kinds of cookies are in use "out there"
+               so we cannot be that strict. I've therefore lowered the check
+               to not allow less than two dots. */
+            
+            if(dotcount < 2) {
               /* Received and skipped a cookie with a domain using too few
                  dots. */
               badcookie=TRUE; /* mark this as a bad cookie */
-- 
cgit v1.2.3