cookies: allow secure override when done over HTTPS

Added test 1562 to verify.

Reported-by: Jeroen Ooms
Fixes #3445
Closes #3450
This commit is contained in:
Daniel Stenberg 2019-01-09 10:11:58 +01:00
parent 4c35574bb7
commit afeb8d9902
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
3 changed files with 75 additions and 3 deletions

View File

@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@ -951,7 +951,7 @@ Curl_cookie_add(struct Curl_easy *data,
/* the domains were identical */
if(clist->spath && co->spath) {
if(clist->secure && !co->secure) {
if(clist->secure && !co->secure && !secure) {
size_t cllen;
const char *sep;

View File

@ -177,7 +177,7 @@ test1533 test1534 test1535 test1536 test1537 test1538 \
test1540 \
test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \
\
test1560 test1561 \
test1560 test1561 test1562 \
\
test1590 test1591 test1592 \
\

72
tests/data/test1562 Normal file
View File

@ -0,0 +1,72 @@
<testcase>
<info>
<keywords>
HTTPS
HTTP
HTTP GET
cookies
HTTP replaced headers
</keywords>
</info>
# Server-side
<reply>
<data1>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Set-Cookie: foo=123; path=/; secure;
Content-Length: 7
nomnom
</data1>
<data2>
HTTP/1.1 200 OK
Date: Thu, 09 Nov 2010 14:49:00 GMT
Server: test-server/fake
Set-Cookie: foo=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Path=/
Content-Length: 7
nomnom
</data2>
</reply>
# Client-side
<client>
<features>
SSL
</features>
<server>
http
https
</server>
<name>
Expire secure cookies over HTTPS
</name>
<command>
-k https://%HOSTIP:%HTTPSPORT/15620001 -H "Host: www.example.com" https://%HOSTIP:%HTTPSPORT/15620002 -b "non-existing" https://%HOSTIP:%HTTPSPORT/15620001
</command>
</client>
<verify>
<strip>
^User-Agent:.*
</strip>
<protocol>
GET /15620001 HTTP/1.1
Host: www.example.com
Accept: */*
GET /15620002 HTTP/1.1
Host: www.example.com
Accept: */*
Cookie: foo=123
GET /15620001 HTTP/1.1
Host: www.example.com
Accept: */*
</protocol>
</verify>
</testcase>