Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
T
TLMSP curl
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
CYBER - Cyber Security
TS 103 523 MSP
TLMSP
TLMSP curl
Commits
2c4fcf2e
Commit
2c4fcf2e
authored
15 years ago
by
Daniel Stenberg
Browse files
Options
Downloads
Patches
Plain Diff
5.3 Sort outgoing cookies
5.4 Rearrange request header order Things to play with when you're bored
parent
68116251
No related branches found
Branches containing commit
No related tags found
Tags containing commit
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
docs/TODO
+22
-0
22 additions, 0 deletions
docs/TODO
with
22 additions
and
0 deletions
docs/TODO
+
22
−
0
View file @
2c4fcf2e
...
...
@@ -38,6 +38,8 @@
5. HTTP
5.1 Better persistency for HTTP 1.0
5.2 support FF3 sqlite cookie files
5.3 Sort outgoing cookies
5.4 Rearrange request header order
6. TELNET
6.1 ditch stdin
...
...
@@ -242,6 +244,26 @@
We should consider how (lib)curl can/should support this.
http://curl.haxx.se/bug/feature.cgi?id=1871388
5.3 Sort outgoing cookies
All the major browsers sort the cookies sent in the Cookie: header based on
the length of the path for which the cookie is set with. This could lead to
a small fraction of servers to not play well with curl:
http://www.ietf.org/mail-archive/web/http-state/current/msg00150.html
5.4 Rearrange request header order
Server implementors often make an effort to detect browser and to reject
clients it can detect to not match. One of the last details we cannot yet
control in libcurl's HTTP requests, which also can be exploited to detect
that libcurl is in fact used even when it tries to impersonate a browser, is
the order of the request headers. I propose that we introduce a new option in
which you give headers a value, and then when the HTTP request is built it
sorts the headers based on that number. We could then have internally created
headers use a default value so only headers that need to be moved have to be
specified.
6. TELNET
6.1 ditch stdin
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment