cookies: leave secure cookies alone
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
influencing the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.
Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Showing
- docs/HTTP-COOKIES.md: 3 additions, 1 deletion
- docs/TODO: 0 additions, 8 deletions
- lib/cookie.c: 48 additions, 7 deletions
- lib/cookie.h: 3 additions, 2 deletions
- lib/http.c: 3 additions, 1 deletion
- lib/setopt.c: 2 additions, 2 deletions
- tests/data/Makefile.inc: 1 addition, 1 deletion
- tests/data/test1155: 2 additions, 2 deletions
- tests/data/test1561: 86 additions, 0 deletions
- tests/data/test31: 0 additions, 18 deletions
- tests/data/test61: 0 additions, 1 deletion
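The rule the commit message describes, as an added example (not curl's code from lib/cookie.c): a non-secure origin may neither set a cookie carrying the 'secure' flag nor, per the same draft, overwrite an existing secure cookie. The struct, function name and sample jar are hypothetical; domains are assumed already lowercased and compared by equality, and paths are ignored.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal cookie record, not curl's struct Cookie. */
struct cookie {
  const char *name;
  const char *domain; /* assumed lowercased by the caller */
  bool secure;
};

/* Constructed sample jar: "sid" was previously set over HTTPS. */
static const struct cookie sample_jar[] = {
  { "sid", "example.com", true },
  { "theme", "example.com", false }
};
#define SAMPLE_N (sizeof(sample_jar) / sizeof(sample_jar[0]))

/* Decide whether cookie 'c' may be stored. origin_secure is true when
   the response that carried it arrived over a secure scheme (HTTPS). */
static bool may_store(const struct cookie *jar, size_t n,
                      const struct cookie *c, bool origin_secure)
{
  size_t i;
  if(origin_secure)
    return true;  /* secure origins are not restricted by this rule */
  if(c->secure)
    return false; /* non-secure origin tried to set a 'secure' cookie */
  for(i = 0; i < n; i++) {
    /* a non-secure origin must not replace an existing secure cookie */
    if(jar[i].secure && !strcmp(jar[i].name, c->name) &&
       !strcmp(jar[i].domain, c->domain))
      return false;
  }
  return true;
}

int main(void)
{
  struct cookie overwrite = { "sid", "example.com", false };
  struct cookie harmless = { "theme", "example.com", false };
  printf("overwrite of secure 'sid' over HTTP stored: %d\n",
         may_store(sample_jar, SAMPLE_N, &overwrite, false));
  printf("replacement of non-secure 'theme' over HTTP stored: %d\n",
         may_store(sample_jar, SAMPLE_N, &harmless, false));
  return 0;
}
```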