path: root/lib/cookie.h
Commit message | Author | Age | Files | Lines
* altsvc: Fix building with cookies disabled | Po-Chuan Hsieh | 2019-04-20 | 1 | -1/+0
  ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is disabled. Fix by splitting out the function into a separate file which can be included where needed.
  Closes #3717
  Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
  Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
* alt-svc: the libcurl bits | Daniel Stenberg | 2019-03-03 | 1 | -0/+1
* cookie: Add support for cookie prefixes | Daniel Gustafsson | 2019-02-17 | 1 | -1/+9
  The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft.
  Closes #3554
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cookies: leave secure cookies alone | Daniel Gustafsson | 2018-12-13 | 1 | -2/+3
  Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265.
  Closes #2956
  Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cookies: support creation-time attribute for cookies | Daniel Gustafsson | 2018-08-31 | 1 | -1/+3
  According to RFC6265 section 5.4, cookies with equal path lengths SHOULD be sorted by creation-time (earlier first). This adds a creation-time record to the cookie struct in order to make cookie sorting more deterministic. The creation-time is defined as the order of the cookies in the jar, the first cookie read from the jar being the oldest. The creation-time is thus not serialized into the jar. Also remove the strcmp() matching in the sorting as there is no lexicographic ordering in RFC6265. Existing tests are updated to match.
  Closes #2524
* cookies: remove unused macro | Daniel Gustafsson | 2018-04-27 | 1 | -1/+0
  Commit 2bc230de63 made the macro MAX_COOKIE_LINE_TXT become unused, so remove as it's not part of the published API.
  Closes https://github.com/curl/curl/pull/2537
* cookie: store cookies per top-level-domain-specific hash table | Lauri Kasanen | 2018-04-02 | 1 | -1/+3
  This makes libcurl handle thousands of cookies much better and speedier.
  Closes #2440
* cookies: when reading from a file, only remove_expired once | Lauri Kasanen | 2018-04-02 | 1 | -1/+2
  This drops the cookie load time for 8k cookies from 178ms to 15ms.
  Closes #2441
* cookies: reject oversized cookies | Daniel Stenberg | 2017-09-18 | 1 | -4/+7
  ... instead of truncating them.
  There's no fixed limit for acceptable cookie names in RFC 6265, but the entire cookie is said to be less than 4096 bytes (section 6.1). This is also what browsers seem to implement.
  We now allow max 5000 bytes cookie header. Max 4095 bytes length per cookie name and value. Name + value together may not exceed 4096 bytes.
  Added test 1151 to verify
  Bug: https://curl.haxx.se/mail/lib-2017-09/0062.html
  Reported-by: Kevin Smith
  Closes #1894
* cookies: getlist() now holds deep copies of all cookies | Daniel Stenberg | 2016-10-31 | 1 | -2/+2
  Previously it only held references to them, which was reckless as the thread lock was released so the cookies could get modified by other handles that share the same cookie jar over the share interface.
  CVE-2016-8623
  Bug: https://curl.haxx.se/docs/adv_20161102I.html
  Reported-by: Cure53
* internals: rename the SessionHandle struct to Curl_easy | Daniel Stenberg | 2016-06-22 | 1 | -6/+6
* URLs: change all http:// URLs to https:// | Daniel Stenberg | 2016-02-03 | 1 | -1/+1
* cookies: follow-up fix for path checking | YAMADA Yasuharu | 2013-06-12 | 1 | -1/+2
  The initial fix to only compare full path names were done in commit 04f52e9b4db0 but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
* build: fix circular header inclusion with other packages | Yang Tse | 2013-01-09 | 1 | -1/+1
  This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h.
  Removes the need and usage of a header inclusion guard foreign to libcurl. [1]
  Removes the need and presence of an alarming notice we carried in old setup_once.h [2]
  ----------------------------------------
  1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once.
  Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h
  The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
  2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync.
  Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed.
  All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renaming | Yang Tse | 2013-01-06 | 1 | -0/+103
  This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits:
    f871de0... build: make use of 76 lib/*.h renamed files
    ffd8e12... build: rename 76 lib/*.h files
  This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit:
    c087374... curl_setup.h: remove redundant include guard
  This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits:
    13606bb... build: make use of 93 lib/*.c renamed files
    5b6e792... build: rename 93 lib/*.c files
    7d83dff... build: commit 13606bbfde follow-up 1
  Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html
  Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html
  Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html
  NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs.
    lib/curl_imap.h
    lib/curl_smtp.h
* build: rename 76 lib/*.h files | Yang Tse | 2012-12-28 | 1 | -103/+0
  76 private header files renamed to use our standard naming scheme. This commit only does the file renaming.
  ----------------------------------------
  renamed: amigaos.h -> curl_amigaos.h
  renamed: arpa_telnet.h -> curl_arpa_telnet.h
  renamed: asyn.h -> curl_asyn.h
  renamed: axtls.h -> curl_axtls.h
  renamed: bundles.h -> curl_bundles.h
  renamed: conncache.h -> curl_conncache.h
  renamed: connect.h -> curl_connect.h
  renamed: content_encoding.h -> curl_content_encoding.h
  renamed: cookie.h -> curl_cookie.h
  renamed: cyassl.h -> curl_cyassl.h
  renamed: dict.h -> curl_dict.h
  renamed: easyif.h -> curl_easyif.h
  renamed: escape.h -> curl_escape.h
  renamed: file.h -> curl_file.h
  renamed: fileinfo.h -> curl_fileinfo.h
  renamed: formdata.h -> curl_formdata.h
  renamed: ftp.h -> curl_ftp.h
  renamed: ftplistparser.h -> curl_ftplistparser.h
  renamed: getinfo.h -> curl_getinfo.h
  renamed: gopher.h -> curl_gopher.h
  renamed: gtls.h -> curl_gtls.h
  renamed: hash.h -> curl_hash.h
  renamed: hostcheck.h -> curl_hostcheck.h
  renamed: hostip.h -> curl_hostip.h
  renamed: http.h -> curl_http.h
  renamed: http_chunks.h -> curl_http_chunks.h
  renamed: http_digest.h -> curl_http_digest.h
  renamed: http_negotiate.h -> curl_http_negotiate.h
  renamed: http_proxy.h -> curl_http_proxy.h
  renamed: if2ip.h -> curl_if2ip.h
  renamed: imap.h -> curl_imap.h
  renamed: inet_ntop.h -> curl_inet_ntop.h
  renamed: inet_pton.h -> curl_inet_pton.h
  renamed: krb4.h -> curl_krb4.h
  renamed: llist.h -> curl_llist.h
  renamed: memdebug.h -> curl_memdebug.h
  renamed: multiif.h -> curl_multiif.h
  renamed: netrc.h -> curl_netrc.h
  renamed: non-ascii.h -> curl_non-ascii.h
  renamed: nonblock.h -> curl_nonblock.h
  renamed: nssg.h -> curl_nssg.h
  renamed: parsedate.h -> curl_parsedate.h
  renamed: pingpong.h -> curl_pingpong.h
  renamed: polarssl.h -> curl_polarssl.h
  renamed: pop3.h -> curl_pop3.h
  renamed: progress.h -> curl_progress.h
  renamed: qssl.h -> curl_qssl.h
  renamed: rawstr.h -> curl_rawstr.h
  renamed: rtsp.h -> curl_rtsp.h
  renamed: select.h -> curl_select.h
  renamed: sendf.h -> curl_sendf.h
  renamed: setup.h -> curl_setup.h
  renamed: setup_once.h -> curl_setup_once.h
  renamed: share.h -> curl_share.h
  renamed: slist.h -> curl_slist.h
  renamed: smtp.h -> curl_smtp.h
  renamed: sockaddr.h -> curl_sockaddr.h
  renamed: socks.h -> curl_socks.h
  renamed: speedcheck.h -> curl_speedcheck.h
  renamed: splay.h -> curl_splay.h
  renamed: ssh.h -> curl_ssh.h
  renamed: sslgen.h -> curl_sslgen.h
  renamed: ssluse.h -> curl_ssluse.h
  renamed: strdup.h -> curl_strdup.h
  renamed: strequal.h -> curl_strequal.h
  renamed: strerror.h -> curl_strerror.h
  renamed: strtok.h -> curl_strtok.h
  renamed: strtoofft.h -> curl_strtoofft.h
  renamed: telnet.h -> curl_telnet.h
  renamed: tftp.h -> curl_tftp.h
  renamed: timeval.h -> curl_timeval.h
  renamed: transfer.h -> curl_transfer.h
  renamed: url.h -> curl_url.h
  renamed: urldata.h -> curl_urldata.h
  renamed: warnless.h -> curl_warnless.h
  renamed: wildcard.h -> curl_wildcard.h
  ----------------------------------------
* build: make use of 76 lib/*.h renamed files | Yang Tse | 2012-12-28 | 1 | -1/+1
  76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
* fix a bunch of MSVC compiler warnings | Yang Tse | 2011-09-03 | 1 | -3/+4
* time.h and sys/time.h inclusion conditionally done in setup_once.h | Yang Tse | 2011-07-25 | 1 | -9/+0
* cookie_output: made private | Daniel Stenberg | 2011-06-03 | 1 | -1/+0
* compiler warning: fix | Yang Tse | 2011-05-21 | 1 | -4/+4
  Fix compiler warning: empty body in an if-statement
* disable cookies: remove ifdefs, move code | Daniel Stenberg | 2011-04-04 | 1 | -4/+8
  1 - make sure to #define macros for cookie functions in the cookie header when cookies are disabled to avoid having to use #ifdefs in code using those functions.
  2 - move cookie-specific code to cookie.c and use the function conditionally as mentioned in (1).
  net result: 6 #if lines removed, and 9 lines of code less
* remove the CVSish $Id$ lines | Daniel Stenberg | 2010-03-24 | 1 | -1/+0
* Indentation fixes, untabify and related whitespace-cleanup. No code changed. | Daniel Stenberg | 2009-02-27 | 1 | -1/+1
* - Niklas Angebrand made the cookie support in libcurl properly deal with the | Daniel Stenberg | 2008-01-31 | 1 | -0/+1
  "HttpOnly" feature introduced by Microsoft and apparently also supported by Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly is now supported when received from servers in HTTP headers, when written to cookie jars and when read from existing cookie jars.
* "Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and so | Daniel Stenberg | 2008-01-23 | 1 | -2/+2
  did "SESS". Fixed now.
* Added lots of consts | Dan Fandrich | 2007-08-29 | 1 | -5/+6
* Removed "#ifndef__WATCOMC__". Use "#ifdef HAVE_SYS_TIME_H" instead. | Gisle Vanem | 2006-08-30 | 1 | -1/+3
* Watcom lacks <sys/time.h>. | Gisle Vanem | 2006-08-29 | 1 | -1/+1
* Silence warning: empty body in an if-statement | Yang Tse | 2006-07-31 | 1 | -1/+1
* Michael Wallner provided a patch that allows "SESS" to be set with | Daniel Stenberg | 2006-05-24 | 1 | -1/+3
  CURLOPT_COOKIELIST, which then makes all session cookies get cleared. (slightly edited by me, and the re-indent in cookie.c was also done by me)
* Made the copyright year match the latest modification's year. | Daniel Stenberg | 2006-01-09 | 1 | -1/+1
* - Jeff Pohlmeyer found out that if you ask libcurl to load a cookiefile (with | Daniel Stenberg | 2005-08-17 | 1 | -1/+3
  CURLOPT_COOKIEFILE), add a cookie (with CURLOPT_COOKIELIST), tell it to write the result to a given cookie jar and then never actually call curl_easy_perform() - the given file(s) to read was never read but the output file was written and thus it caused a "funny" result.
  - While doing some tests for the bug above, I noticed that Firefox generates large numbers (for the expire time) in the cookies.txt file and libcurl didn't treat them properly. Now it does.
* Peteris Krumins added CURLOPT_COOKIELIST and CURLINFO_COOKIELIST, which is a | Daniel Stenberg | 2005-07-27 | 1 | -0/+6
  simple interface to extracting and setting cookies in libcurl's internal "cookie jar". See the new cookie_interface.c example code.
* removed tabs and trailing whitespace from source | Daniel Stenberg | 2004-10-06 | 1 | -1/+1
* David Cohen pointed out that RFC2109 says clients should allow cookies to | Daniel Stenberg | 2004-06-22 | 1 | -12/+19
  contain at least 4096 bytes while libcurl only allowed 2047. I raised the limit to 4999 now and made the used buffer get malloc()ed instead of simply allocated on stack as before.
* updated year in the copyright string | Daniel Stenberg | 2004-01-07 | 1 | -1/+1
* the new cookie functions that require 'data' passed in | Daniel Stenberg | 2003-08-11 | 1 | -2/+6
* Many cookie fixes: | Daniel Stenberg | 2003-04-30 | 1 | -5/+4
  o Save domains in jars like Mozilla does. It means all domains set in Set-Cookie: headers are dot-prefixed.
  o Save and use the 'tailmatch' field in the Mozilla/Netscape cookie jars (the second column).
  o Reject cookies using illegal domains in the Set-Cookie: line. Concerns both domains with too few dots or domains that are outside the currently operating server host's domain.
  o Set the path part by default to the one used in the request, if none was set in the Set-Cookie line.
* copyright year update in the source header | Daniel Stenberg | 2003-01-16 | 1 | -1/+1
* updated source code boilerplate/header | Daniel Stenberg | 2002-09-03 | 1 | -7/+7
* support for ignoring session cookies added | Daniel Stenberg | 2002-05-07 | 1 | -3/+4
* copyright string (year) update | Daniel Stenberg | 2002-03-19 | 1 | -1/+1
* Nico Baggus' VMS tweaks | Daniel Stenberg | 2002-02-20 | 1 | -1/+1
* Now we're setting a default domain for received cookies so that we can | Daniel Stenberg | 2001-09-26 | 1 | -1/+7
  properly match those cookies in subsequent requests
* cookie jar adjustments | Daniel Stenberg | 2001-08-29 | 1 | -0/+2
* started working on a function for writing (all) cookies, made it possible | Daniel Stenberg | 2001-08-23 | 1 | -4/+8
  to read multiple cookie files, no longer writes to the URL string passed to the _add() function. The new stuff is now conditionally compiled on the COOKIE define. Changed the _init() proto.
* Internal symbols that aren't static are now prefixed with 'Curl_' | Daniel Stenberg | 2001-01-05 | 1 | -5/+5
* dual-license fix | Daniel Stenberg | 2001-01-03 | 1 | -0/+22
* Added some RFC2109 support | Daniel Stenberg | 2000-02-01 | 1 | -8/+13