* Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls
@ 2020-07-31 14:48 T.V Raman
2020-07-31 14:54 ` Andreas Schwab
0 siblings, 1 reply; 5+ messages in thread
From: T.V Raman @ 2020-07-31 14:48 UTC (permalink / raw)
To: emacs-devel
The URL package has these two custom settings:
url-cookie-trusted-urls
url-cookie-untrusted-urls
both take a list of regex.
From what I observe, if you set url-cookie-untrusted-urls to '(".*"),
then the setting in url-cookie-trusted-urls e.g. '("example.com") has
no effect. This makes it hard to set up emacs/eww to not trust any
domain, and then progressively allow a few domains to set cookies;
could the priority order of these settings be reversed?
--
--
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls
2020-07-31 14:48 Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls T.V Raman
@ 2020-07-31 14:54 ` Andreas Schwab
2020-07-31 15:00 ` T.V Raman
2020-07-31 15:12 ` Stefan Monnier
0 siblings, 2 replies; 5+ messages in thread
From: Andreas Schwab @ 2020-07-31 14:54 UTC (permalink / raw)
To: T.V Raman; +Cc: emacs-devel
On Jul 31 2020, T.V Raman wrote:
> From what I observe, if you set url-cookie-untrusted-urls to '(".*"),
> then the setting in url-cookie-trusted-urls e.g. '("example.com") has
> no effect. This makes it hard to set up emacs/eww to not trust any
> domain, and then progressively allow a few domains to set cookies;
> could the priority order of these settings be reversed?
If you set url-cookie-untrusted-urls to ("") it will always be less
specific than any match from url-cookie-trusted-urls.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1
"And now for something completely different."
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls
2020-07-31 14:54 ` Andreas Schwab
@ 2020-07-31 15:00 ` T.V Raman
2020-07-31 15:12 ` Stefan Monnier
1 sibling, 0 replies; 5+ messages in thread
From: T.V Raman @ 2020-07-31 15:00 UTC (permalink / raw)
To: schwab; +Cc: raman, emacs-devel
Will try that -- might be worth adding this to the docs for those options.
--
Id: kg:/m/0285kf1
--
Id: kg:/m/0285kf1
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls
2020-07-31 14:54 ` Andreas Schwab
2020-07-31 15:00 ` T.V Raman
@ 2020-07-31 15:12 ` Stefan Monnier
2020-07-31 15:20 ` T.V Raman
1 sibling, 1 reply; 5+ messages in thread
From: Stefan Monnier @ 2020-07-31 15:12 UTC (permalink / raw)
To: Andreas Schwab; +Cc: emacs-devel, T.V Raman
>> From what I observe, if you set url-cookie-untrusted-urls to '(".*"),
>> then the setting in url-cookie-trusted-urls e.g. '("example.com") has
>> no effect. This makes it hard to set up emacs/eww to not trust any
>> domain, and then progressively allow a few domains to set cookies;
>> could the priority order of these settings be reversed?
>
> If you set url-cookie-untrusted-urls to ("") it will always be less
> specific than any match from url-cookie-trusted-urls.
IIUC which one takes precedence depends on the length of the
match, right? If so, the docstring should say so.
Stefan
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls
2020-07-31 15:12 ` Stefan Monnier
@ 2020-07-31 15:20 ` T.V Raman
0 siblings, 0 replies; 5+ messages in thread
From: T.V Raman @ 2020-07-31 15:20 UTC (permalink / raw)
To: monnier; +Cc: schwab, raman, emacs-devel
Might be better to redo this with a simple filter/unfilter logic
analogous to traditional allow/deny configurations in unix eg
allowed_hosts vs denied_hosts. As it stands, one will always need to
read the source code to know exactly what this does
Stefan Monnier writes:
> >> From what I observe, if you set url-cookie-untrusted-urls to '(".*"),
> >> then the setting in url-cookie-trusted-urls e.g. '("example.com") has
> >> no effect. This makes it hard to set up emacs/eww to not trust any
> >> domain, and then progressively allow a few domains to set cookies;
> >> could the priority order of these settings be reversed?
> >
> > If you set url-cookie-untrusted-urls to ("") it will always be less
> > specific than any match from url-cookie-trusted-urls.
>
> IIUC which one takes precedence depends on the length of the
> match, right? If so, the docstring should say so.
>
>
> Stefan
--
Id: kg:/m/0285kf1
--
Id: kg:/m/0285kf1
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-07-31 15:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-07-31 14:48 Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls T.V Raman
2020-07-31 14:54 ` Andreas Schwab
2020-07-31 15:00 ` T.V Raman
2020-07-31 15:12 ` Stefan Monnier
2020-07-31 15:20 ` T.V Raman
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).