diff options
| author | John-Mark Bell <jmb@netsurf-browser.org> | 2013-01-04 22:01:15 +0000 |
|---|---|---|
| committer | John-Mark Bell <jmb@netsurf-browser.org> | 2013-01-04 22:06:31 +0000 |
| commit | d0d3d31e97c3d8e23be983243fb29e30accb4c86 (patch) | |
| tree | 810c593aa6def23786def34188b702a78303de1e /content/urldb.c | |
| parent | 07024b05c4be91498245a3066fc3365259acf8bd (diff) | |
| download | netsurf-d0d3d31e97c3d8e23be983243fb29e30accb4c86.tar.gz netsurf-d0d3d31e97c3d8e23be983243fb29e30accb4c86.tar.bz2 | |
Revert "Treat cookies from HTTP and HTTPS as identical."
Sadly, this breaks path cookies on HTTPS sites. The correct
fix is to implement RFC6265 in full (probably replacing
urldb with something less complex, too).
This reverts commit 924f8844d4e94f56232d70b25a925731ab19a84c.
Diffstat (limited to 'content/urldb.c')
| -rw-r--r-- | content/urldb.c | 47 |
1 files changed, 20 insertions, 27 deletions
diff --git a/content/urldb.c b/content/urldb.c index 050dbf650..e3cc1d73d 100644 --- a/content/urldb.c +++ b/content/urldb.c @@ -2410,9 +2410,9 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only) const char *path; char *ret; lwc_string *scheme; - bool target_is_secure; time_t now; int i; + bool match; assert(url != NULL); @@ -2425,15 +2425,7 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only) if (!p) return NULL; - scheme = nsurl_get_component(url, NSURL_SCHEME); - if (scheme == NULL) - scheme = lwc_string_ref(corestring_lwc_http); - - if (lwc_string_caseless_isequal(scheme, corestring_lwc_https, - &target_is_secure) != lwc_error_ok) - return NULL; - - lwc_string_unref(scheme); + scheme = p->scheme; matched_cookies = malloc(matched_cookies_size * sizeof(struct cookie_internal_data *)); @@ -2492,7 +2484,11 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only) /* cookie has expired => ignore */ continue; - if (c->secure && target_is_secure == false) + if (c->secure && lwc_string_isequal( + q->scheme, + corestring_lwc_https, + &match) && + match == false) /* secure cookie for insecure host. * ignore */ continue; @@ -2527,7 +2523,11 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only) /* cookie has expired => ignore */ continue; - if (c->secure && target_is_secure == false) + if (c->secure && lwc_string_isequal( + q->scheme, + corestring_lwc_https, + &match) && + match == false) /* Secure cookie for insecure server * => ignore */ continue; @@ -2567,7 +2567,10 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only) /* paths don't match => ignore */ continue; - if (c->secure && target_is_secure == false) + if (c->secure && lwc_string_isequal(p->scheme, + corestring_lwc_https, + &match) && + match == false) /* Secure cookie for insecure server * => ignore */ continue; @@ -2598,7 +2601,10 @@ char *urldb_get_cookie(nsurl *url, bool include_http_only) /* paths don't match => ignore */ continue; - if (c->secure && target_is_secure == false) + if (c->secure && lwc_string_isequal(scheme, + corestring_lwc_https, + &match) && + match == false) /* secure cookie for insecure host. ignore */ continue; @@ -2692,19 +2698,6 @@ bool urldb_set_cookie(const char *header, nsurl *url, nsurl *referer) return false; } - /* If HTTPS, store cookie using HTTP */ - if (lwc_string_caseless_isequal(scheme, corestring_lwc_https, - &match) != lwc_error_ok) { - lwc_string_unref(scheme); - nsurl_unref(urlt); - return false; - } - - if (match) { - lwc_string_unref(scheme); - scheme = lwc_string_ref(corestring_lwc_http); - } - path = nsurl_get_component(url, NSURL_PATH); if (path == NULL) { lwc_string_unref(scheme); |