Skip to content
Snippets Groups Projects
Commit 98ee12bc authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Jan Sundin reported a case where curl ignored a cookie that browsers don't,

  which turned up to be due to the number of dots in the 'domain'. I've now
  made curl follow the the original netscape cookie spec less strict on that
  part.
parent fdda786f
No related branches found
No related tags found
No related merge requests found
......@@ -234,7 +234,13 @@ Curl_cookie_add(struct CookieInfo *c,
break;
}
}
if(dotcount < 3) {
/* The original Netscape cookie spec defined that this domain name
MUST have three dots (or two if one of the seven holy TLDs),
but it seems that these kinds of cookies are in use "out there"
so we cannot be that strict. I've therefore lowered the check
to not allow less than two dots. */
if(dotcount < 2) {
/* Received and skipped a cookie with a domain using too few
dots. */
badcookie=TRUE; /* mark this as a bad cookie */
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment