summaryrefslogtreecommitdiff
path: root/lib/cookie.h
diff options
context:
space:
mode:
authorDaniel Gustafsson <daniel@yesql.se>2018-12-13 09:57:58 +0100
committerDaniel Gustafsson <daniel@yesql.se>2018-12-13 09:57:58 +0100
commit7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 (patch)
tree65ff353305bd1d837519f292bf934a498ae4ed13 /lib/cookie.h
parentfdc5563b6e80bcdda89d68705cb5488ecc3a48ce (diff)
downloadcurl-7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5.tar.gz
cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Diffstat (limited to 'lib/cookie.h')
-rw-r--r--lib/cookie.h5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/cookie.h b/lib/cookie.h
index a9f90ca71..3ee457c62 100644
--- a/lib/cookie.h
+++ b/lib/cookie.h
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -85,7 +85,8 @@ struct Curl_easy;
struct Cookie *Curl_cookie_add(struct Curl_easy *data,
struct CookieInfo *, bool header, bool noexpiry,
char *lineptr,
- const char *domain, const char *path);
+ const char *domain, const char *path,
+ bool secure);
struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
const char *, bool);