]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: fdc5563) | patch
cookies: leave secure cookies alone
authorDaniel Gustafsson <daniel@yesql.se>
Thu, 13 Dec 2018 08:57:58 +0000 (09:57 +0100)
committerDaniel Gustafsson <daniel@yesql.se>
Thu, 13 Dec 2018 08:57:58 +0000 (09:57 +0100)
commit7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5
tree65ff353305bd1d837519f292bf934a498ae4ed13tree | snapshot
parentfdc5563b6e80bcdda89d68705cb5488ecc3a48cecommit | diff
cookies: leave secure cookies alone

Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
docs/HTTP-COOKIES.md diff | blob | history
docs/TODO diff | blob | history
lib/cookie.c diff | blob | history
lib/cookie.h diff | blob | history
lib/http.c diff | blob | history
lib/setopt.c diff | blob | history
tests/data/Makefile.inc diff | blob | history
tests/data/test1155 diff | blob | history
tests/data/test1561 [new file with mode: 0644] blob
tests/data/test31 diff | blob | history
tests/data/test61 diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.