diff options
| author | Claudio Saavedra <csaavedra@igalia.com> | 2018-09-24 18:03:17 +0300 |
|---|---|---|
| committer | Claudio Saavedra <csaavedra@igalia.com> | 2019-05-22 14:59:14 +0000 |
| commit | de1d1fc5fffe814b6a983d0a43b61111d22f987f (patch) | |
| tree | f828dc5625559e111eb68edc1a4586419855f6fc | |
| parent | 6e1624c11fe8a3528589c9aa2b396d477f3b185e (diff) | |
| download | libsoup-de1d1fc5fffe814b6a983d0a43b61111d22f987f.tar.gz | |
Ignore STS header fields with duplicate directives
Use the recently added strict parameter parsing method to check
for duplicate directives and ignore them, as per the specification.
Uncomment the duplicate directives test.
| -rw-r--r-- | libsoup/soup-hsts-policy.c | 5 | ||||
| -rw-r--r-- | tests/hsts-test.c | 4 |
2 files changed, 5 insertions, 4 deletions
diff --git a/libsoup/soup-hsts-policy.c b/libsoup/soup-hsts-policy.c index 4a9dfa1a..794b4d8d 100644 --- a/libsoup/soup-hsts-policy.c +++ b/libsoup/soup-hsts-policy.c @@ -272,7 +272,10 @@ soup_hsts_policy_new_from_response (SoupMessage *msg) uri = soup_message_get_uri (msg); - params = soup_header_parse_semi_param_list (value); + params = soup_header_parse_semi_param_list_strict (value); + + if (!params) + return NULL; max_age_str = g_hash_table_lookup (params, "max-age"); diff --git a/tests/hsts-test.c b/tests/hsts-test.c index ae40495f..aba7859c 100644 --- a/tests/hsts-test.c +++ b/tests/hsts-test.c @@ -466,9 +466,7 @@ main (int argc, char **argv) g_test_add_func ("/hsts/missing-values", do_hsts_missing_values_test); g_test_add_func ("/hsts/invalid-values", do_hsts_invalid_values_test); g_test_add_func ("/hsts/extra-values", do_hsts_extra_values_test); - /* This test is skipped because soup_header_parse_semi_param_list() does not - take into account duplicated directives/parameters. */ - /* g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test); */ + g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test); g_test_add_func ("/hsts/case-insensitive-header", do_hsts_case_insensitive_header_test); g_test_add_func ("/hsts/case-insensitive-directives", do_hsts_case_insensitive_directives_test); g_test_add_func ("/hsts/optional-quotations", do_hsts_optional_quotations_test); |