delta/curl.git/lib/cookie.h, branch bagder/https-proxy-tests

cookies: change argument type for Curl_flush_cookies

2019-10-03T20:56:28+00:00

The second argument is really a 'bool' so use that and pass in TRUE/FALSE
to make it clear.

Closes #4455

altsvc: Fix building with cookies disables

2019-04-20T20:46:21+00:00

ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if
check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is
disabled. Fix by splitting out the function into a separate file which can
be included where needed.

Closes #3717
Reviewed-by: Daniel Gustafsson 
Reviewed-by: Marcel Raad

alt-svc: the libcurl bits

2019-03-03T10:17:52+00:00

cookie: Add support for cookie prefixes

2019-02-16T23:09:30+00:00

The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
and how they should affect cookie initialization, which has been
adopted by the major browsers. This adds support for the two prefixes
defined, __Host- and __Secure, and updates the testcase with the
supplied examples from the draft.

Closes #3554
Reviewed-by: Daniel Stenberg

cookies: leave secure cookies alone

2018-12-13T08:57:58+00:00

Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.

Closes #2956
Reviewed-by: Daniel Stenberg

cookies: support creation-time attribute for cookies

2018-08-31T12:11:37+00:00

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524

cookies: remove unused macro

2018-04-27T06:54:15+00:00

Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused,
so remove as it's not part of the published API.

Closes https://github.com/curl/curl/pull/2537

cookie: store cookies per top-level-domain-specific hash table

2018-04-02T08:48:53+00:00

This makes libcurl handle thousands of cookies much better and speedier.

Closes #2440

cookies: when reading from a file, only remove_expired once

2018-04-02T08:40:32+00:00

This drops the cookie load time for 8k cookies from 178ms to 15ms.

Closes #2441

cookies: reject oversized cookies

2017-09-18T20:55:50+00:00

... instead of truncating them.

There's no fixed limit for acceptable cookie names in RFC 6265, but the
entire cookie is said to be less than 4096 bytes (section 6.1). This is
also what browsers seem to implement.

We now allow max 5000 bytes cookie header. Max 4095 bytes length per
cookie name and value. Name + value together may not exceed 4096 bytes.

Added test 1151 to verify

Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
Reported-by: Kevin Smith

Closes #1894