GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

Previous Next

Package: emacs;

Reported by: "Karol Hosiawa" <hosiawak <at> gmail.com>

Date: Fri, 21 Nov 2008 15:30:02 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 24.2

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 1401 <at> emacsbugs.donarmstrong.com (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: Karol Hosiawa <hosiawak <at> gmail.com>
Cc: 1401 <at> debbugs.gnu.org
Subject: Re: bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls
Date: Tue, 2 Dec 2008 14:12:46 -0500

(Please keep 1401 <at> emacsbugs in the Cc:)


Karol Hosiawa wrote (on Tue, 2 Dec 2008 at 17:03 +0000):

> api.blip.pl tried to set a cookie for domain .blip.pl - rejected


Interesting - your problems arise through being in Poland. :)

It seems to be an instance of this issue:

http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html

I'm not sure what the right solution is. Adding pl (and gr, and ?) to
url-cookie-two-dot-domains will fix it.

Can anyone with experience in this area say how other browsers handle
this?

This bug report was last modified 13 years and 101 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #1401 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls