cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] HttpOnly

From: Niklas Angebrand <angebran_at_dtek.chalmers.se>
Date: Tue, 22 Jan 2008 02:22:38 +0100

Hi,

Some cookies are trailed with the keyword 'httponly' and Firefox obeys this
when it stores the cookie in its cookie jar (<profile_path>/cookie.txt). I
patched the CVS version to not ignore these cookies.

The patch was tested by trying to log in to facebook.com using Firefox's
cookie jar (and the "remember me" option set), through the WWW::Curl::Easy
interface for perl.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.11) Gecko/20071204
Ubuntu/7.10 (gutsy) Firefox/2.0.0.11

Note that I have not looked into whether curl correctly parses incoming
Set-Cookie: headers with the httponly attribute.

Related:
Mitigating Cross-site Scripting With HTTP-only Cookies
http://msdn2.microsoft.com/en-us/library/ms533046.aspx

-- 
Niklas Angebrand

text/x-diff attachment: httpOnly.patch

Received on 2008-01-22

This message: [ Message body ]
Next message: Hou, LiangX: "RE: How to verify the peer certificate by the Certificate Thumbprint"
Previous message: Daniel Stenberg: "Re: [PATCH] remove cancelled state"
Next in thread: Daniel Stenberg: "Re: [PATCH] HttpOnly"
Reply: Daniel Stenberg: "Re: [PATCH] HttpOnly"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]