GNU bug report logs - #24757
25.1.50; url-cookie.el creates phantom cookie for HttpOnly

Previous Next

Package: emacs;

Reported by: Alain Schneble <a.s <at> realize.ch>

Date: Fri, 21 Oct 2016 16:37:02 UTC

Severity: normal

Tags: patch

Merged with 29282

Found in versions 25.1.50, 26.0.90

Fixed in version 26.1

Done: Katsumi Yamaoka <yamaoka <at> jpl.org>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 24757 <at> debbugs.gnu.org (full text, mbox):

From: Katsumi Yamaoka <yamaoka <at> jpl.org>
To: Noam Postavsky <npostavs <at> users.sourceforge.net>
Cc: 24757 <at> debbugs.gnu.org, Alain Schneble <a.s <at> realize.ch>
Subject: Re: bug#24757: 25.1.50;
 url-cookie.el creates phantom cookie for HttpOnly
Date: Thu, 07 Dec 2017 07:47:26 +0900

On Wed, 06 Dec 2017 06:46:00 -0500, Noam Postavsky wrote:
[...]
> In emacs-26, as of [1: caa39f495c], the second cookie is not present,
> but it looks like it unconditionally drops the HttpOnly attribute (and
> all other attributes?).  Is that the right thing?

Yes, I believe so.  Not only HttpOnly but also Expires, Max-Age,
etc. are only attributes of the cookie of which the name appeared
at the beginning of the Set-Cookie header.  Sending such ones to
certain web sites would cause an error as I mentioned below.

> [1: caa39f495c]: 2017-11-13 23:56:26 +0000
>   Fix cookie handling (bug#29282)
>   https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=caa39f495c0783dac2d5701100db83ea10f126c0
This bug report was last modified 6 years and 299 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.