5.3 Sort outgoing cookies

5.4 Rearrange request header order Things to play with when you're bored

5.3 Sort outgoing cookies
2c4fcf2e · Daniel Stenberg · 68116251 · 2c4fcf2e
Commit 2c4fcf2e authored 15 years ago by Daniel Stenberg
--- a/docs/TODO
+++ b/docs/TODO
@@ -38,6 +38,8 @@
 5. HTTP
 5.1 Better persistency for HTTP 1.0
 5.2 support FF3 sqlite cookie files
+ 5.3 Sort outgoing cookies
+ 5.4 Rearrange request header order

 6. TELNET
 6.1 ditch stdin
@@ -242,6 +244,26 @@
 We should consider how (lib)curl can/should support this.
 http://curl.haxx.se/bug/feature.cgi?id=1871388

+5.3 Sort outgoing cookies
+
+ All the major browsers sort the cookies sent in the Cookie: header based on
+ the length of the path for which the cookie is set with. This could lead to
+ a small fraction of servers to not play well with curl:
+ http://www.ietf.org/mail-archive/web/http-state/current/msg00150.html
+
+5.4 Rearrange request header order
+
+ Server implementors often make an effort to detect browser and to reject
+ clients it can detect to not match. One of the last details we cannot yet
+ control in libcurl's HTTP requests, which also can be exploited to detect
+ that libcurl is in fact used even when it tries to impersonate a browser, is
+ the order of the request headers. I propose that we introduce a new option in
+ which you give headers a value, and then when the HTTP request is built it
+ sorts the headers based on that number. We could then have internally created
+ headers use a default value so only headers that need to be moved have to be
+ specified.
+
+
 6. TELNET

 6.1 ditch stdin