[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] Silently rejecting '.domain.tld' cookies from http://doma
From: |
Claudio Calvelli |
Subject: |
Re: [Lynx-dev] Silently rejecting '.domain.tld' cookies from http://domain.tld |
Date: |
Sun, 27 Apr 2008 00:07:42 +0100 |
Doug Kaufman wrote:
> Please check your lynx.cfg file. It sounds as if you have
> "COOKIE_STRICT_INVALID_DOMAINS" set. You probably want
> "COOKIE_LOOSE_INVALID_DOMAINS" or "COOKIE_QUERY_INVALID_DOMAINS".
They are all commented out in lynx.cfg (and the corresponding lower
case names are set to empty strings in .lynxrc), so it should apply
the default (ask user).
If I add .launchpad.net to COOKIE_LOOSE_INVALID_DOMAINS, the
cookie is still rejected, the only difference in the trace is the
value reported for invcheck_bv:
Loading cfg file '/etc/lynx.cfg'.
opening config file /etc/lynx.cfg
lynx_chg_color(color=6, fg=9, bg=0)
lynx_map_color(6)
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 326: find_domain_entry(.launchpad.net)
bv:-1, invcheck_bv:-1
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 2649: cookie_domain_flag_set
(.launchpad.net, bv=2, invcheck_bv=2)
...
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1782: LYSetCookie called with host
'launchpad.net', path '/',
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1784: and Set-Cookie:
'lp=OxeeFGB6-UYGJDWligbykDrM7HsM9jbUVW2xCCeZY59-xDJEGCL4Cc;
Domain=.launchpad.net; expires=SuLYmktime: Parsing 'Sun, 26 Apr 2009 22:25:16
GMT'
LYmktime: clock=1240784716, ctime=Sun Apr 26 23:25:16 2009
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1077: LYSetCookie: expires 1240784716, Sun
Apr 26 23:25:16 2009
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1714: LYProcessSetCookie: attr=value pair:
'lp=OxeeFGB6-UYGJDWligbykDrM7HsM9jbUVW2xCCeZY59-xDJEGCL4Cc'
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 1718: expires:
1240784716, Sun Apr 26 23:25:16 2009
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 315: ...test_domain_entry(.launchpad.net)
bv:2, invcheck_bv:2
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 326: find_domain_entry(.launchpad.net)
bv:2, invcheck_bv:2
/tmp/lynx2-8-7-dev8/src/LYCookie.c: 442: store_cookie: Rejecting domain
'.launchpad.net' for host 'launchpad.net'.
Same result if I use COOKIE_QUERY_INVALID_DOMAINS, with the difference
that the trace shows invcheck_bv:0 instead of invcheck_bv:2.
Looking at the source code, store_cookie doesn't look at the value of
invcheck_bv in this case ("Section 4.3.2, condition 3"), so the values
of COOKIE_*_INVALID_DOMAINS will have no effect on the result.
I copied the code checking the value of invcheck_bv to the bit of
store_cookie which rejects this cookie, and now I do get asked
"Accept invalid cookie domain=.launchpad.net for 'launchpad.net'? (n)"
-- however, the cookie is stored but not used (it appears in the
cookie jar, but it is not sent with the HTTP request). So this does
not help either.
C