From: "Karol Hosiawa" <hosiawak@gmail.com>
To: "Glenn Morris" <rgm@gnu.org>
Subject: bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls
Date: Tue, 2 Dec 2008 17:03:42 +0000 [thread overview]
Message-ID: <577ed7ae0812020903g62c2394fha38f29de8e3f807a@mail.gmail.com> (raw)
In-Reply-To: <dsiqq3ason.fsf@fencepost.gnu.org>
I'm writing a client for a webservice in Emacs.
The webservice is trying to set a cookie and here's what I get:
api.blip.pl tried to set a cookie for domain .blip.pl - rejected
Setting:
(setq url-cookie-trusted-urls "api.blip.pl")
doesn't have any effect. A similar client written in JS for Firefox
exists and works fine with the same webservice.
Is this a bug ? I think so, it's either that or a bug in
url-cookie-host-can-set-p function.
2008/12/2 Glenn Morris <rgm@gnu.org>:
> "Karol Hosiawa" wrote:
>
>> The function url-cookie-handle-set-cookie in url-cookie.el
>> doesn't check if url-cookie-trusted-urls is set. It does some
>> preliminary checks but doesn't apply this info in the end.
>
> I'm not sure if this is a bug or not. The function _does_ check the
> value of url-cookie-trusted-urls. It seems to control whether or not
> you get asked for confirmation about accepting cookies (assuming
> url-cookie-confirmation is non-nil, which by default it is not). You
> will never get asked to confirm accpeting cookies from trusted URLs.
>
> What your proposed patch would seem to do is allow trusted urls to set
> any cookies they like, even outside their own domain. I presume this
> corresponds to "third-party cookies". Firefox, for example, has a
> separate option to control this. Currently, url will always reject
> third-party cookies, even from trusted sites. Perhaps there should be
> an option for this (nil, t, 'trusted?).
>
--
Karol Hosiawa
next prev parent reply other threads:[~2008-12-02 17:03 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-21 15:23 bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls Karol Hosiawa
2008-12-02 8:26 ` Glenn Morris
2008-12-02 17:03 ` Karol Hosiawa [this message]
2008-12-02 19:12 ` Glenn Morris
2008-12-02 20:44 ` Karol Hosiawa
2008-12-02 20:56 ` Glenn Morris
2011-09-11 18:16 ` Lars Magne Ingebrigtsen
2011-09-12 17:52 ` Glenn Morris
2011-09-13 19:38 ` Lars Magne Ingebrigtsen
2011-09-13 21:20 ` Glenn Morris
2011-09-13 21:22 ` Lars Magne Ingebrigtsen
2011-09-13 21:33 ` Glenn Morris
2011-09-15 0:33 ` Lars Magne Ingebrigtsen
2011-09-15 1:24 ` Stefan Monnier
2011-09-15 5:42 ` Lars Magne Ingebrigtsen
2012-04-10 1:53 ` Lars Magne Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=577ed7ae0812020903g62c2394fha38f29de8e3f807a@mail.gmail.com \
--to=hosiawak@gmail.com \
--cc=1401@emacsbugs.donarmstrong.com \
--cc=rgm@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).