From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: "Karol Hosiawa" <hosiawak@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#1401: 23.0.60;
	url-cookie-handle-set-cookie doesnt check for trusted urls
Date: Tue, 2 Dec 2008 17:03:42 +0000
Message-ID: <577ed7ae0812020903g62c2394fha38f29de8e3f807a@mail.gmail.com>
References: <577ed7ae0811210723s786a74c1l5f4292e653f04af1@mail.gmail.com>
	<dsiqq3ason.fsf@fencepost.gnu.org>
Reply-To: Karol Hosiawa <hosiawak@gmail.com>, 1401@emacsbugs.donarmstrong.com
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1228240243 6571 80.91.229.12 (2 Dec 2008 17:50:43 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 2 Dec 2008 17:50:43 +0000 (UTC)
To: "Glenn Morris" <rgm@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Dec 02 18:51:46 2008
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1L7ZPV-0002d9-4v
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 02 Dec 2008 18:51:45 +0100
Original-Received: from localhost ([127.0.0.1]:43779 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1L7ZOK-0007Le-8m
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 02 Dec 2008 12:50:32 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1L7ZOE-0007L7-L2
	for bug-gnu-emacs@gnu.org; Tue, 02 Dec 2008 12:50:26 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1L7ZOC-0007Kl-Oe
	for bug-gnu-emacs@gnu.org; Tue, 02 Dec 2008 12:50:26 -0500
Original-Received: from [199.232.76.173] (port=44822 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1L7ZOC-0007Kg-IU
	for bug-gnu-emacs@gnu.org; Tue, 02 Dec 2008 12:50:24 -0500
Original-Received: from rzlab.ucr.edu ([138.23.92.77]:34053)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <debbugs@rzlab.ucr.edu>) id 1L7ZOC-0007hs-0A
	for bug-gnu-emacs@gnu.org; Tue, 02 Dec 2008 12:50:24 -0500
Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1])
	by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id mB2HoCs4014373; 
	Tue, 2 Dec 2008 09:50:12 -0800
Original-Received: (from debbugs@localhost)
	by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id mB2Ho4Wi013693;
	Tue, 2 Dec 2008 09:50:04 -0800
X-Loop: don@donarmstrong.com
Resent-From: "Karol Hosiawa" <hosiawak@gmail.com>
Resent-To: bug-submit-list@donarmstrong.com
Resent-CC: Emacs Bugs <bug-gnu-emacs@gnu.org>, don@donarmstrong.com
Resent-Date: Tue, 02 Dec 2008 17:50:04 +0000
Resent-Message-ID: <handler.1401.B1401.122823985112366@emacsbugs.donarmstrong.com>
Resent-Sender: don@donarmstrong.com
X-Emacs-PR-Message: report 1401
X-Emacs-PR-Package: emacs,url
X-Emacs-PR-Keywords: 
Original-Received: via spool by 1401-submit@emacsbugs.donarmstrong.com
	id=B1401.122823985112366
	(code B ref 1401); Tue, 02 Dec 2008 17:50:04 +0000
Original-Received: (at 1401) by emacsbugs.donarmstrong.com; 2 Dec 2008 17:44:11 +0000
Original-Received: from fencepost.gnu.org (fencepost.gnu.org [140.186.70.10])
	by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id mB2Hi8WX012359
	for <1401@emacsbugs.donarmstrong.com>; Tue, 2 Dec 2008 09:44:09 -0800
Original-Received: from rgm by fencepost.gnu.org with local (Exim 4.67)
	(envelope-from <rgm@gnu.org>) id 1L7ZHi-0000Ot-2Z
	for 1401@emacsbugs.donarmstrong.com; Tue, 02 Dec 2008 12:43:42 -0500
Resent-Message-ID: <18741.29646.3419.84497@fencepost.gnu.org>
Resent-Date: Tue, 2 Dec 2008 12:43:42 -0500
Resent-From: Glenn Morris <rgm@gnu.org>
Resent-To: 1401@emacsbugs.donarmstrong.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to
	:subject:in-reply-to:mime-version:content-type
	:content-transfer-encoding:content-disposition:references;
	bh=n3zsjyQw3fEYecxVvzHTDTiyivQP051kdj9mMFTLYzY=;
	b=TrtBVRJC7uqHcO0RcuiUUke651EE924xHru+PBc1zWrVKONoHJUCk6h1/JV/hj+BjF
	vYD/WqwsqXZR+fjv9fuOsY5M9YIvvR3IIZgxSKdfUPdEDruNJLraOiVuk30HPuXGHZok
	7slf63cpwUbpwSo+HwaT/tPML44jCnuEx1+JM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:in-reply-to:mime-version
	:content-type:content-transfer-encoding:content-disposition
	:references;
	b=n0PhfwV0lo/xMSINClI2m6NM03qpE98OT+KAVlhD2kwBi6+iG218eyHHM8AamJFRcn
	WqcuYv/9F8sfbOxwsCiXMa2ATcDOTxaJVI5I1LDhBlaUrFC+1nOjzfccnaJXF5Dfv9e/
	uWpE+tswWnRpi3cIKG8WgTF46TpPJbMuIOHes=
In-Reply-To: <dsiqq3ason.fsf@fencepost.gnu.org>
Content-Disposition: inline
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Bogosity: no, spamicity=0.059708, v1.0.1
Resent-Date: Tue, 02 Dec 2008 12:43:42 -0500
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3)
X-BeenThere: bug-gnu-emacs@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:22846
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/22846>

I'm writing a client for a webservice in Emacs.

The webservice is trying to set a cookie and here's what I get:

api.blip.pl tried to set a cookie for domain .blip.pl - rejected

Setting:

(setq url-cookie-trusted-urls "api.blip.pl")

doesn't have any effect. A similar client written in JS for Firefox
exists and works fine with the same webservice.

Is this a bug ? I think so, it's either that or a bug in
url-cookie-host-can-set-p function.


2008/12/2 Glenn Morris <rgm@gnu.org>:
> "Karol Hosiawa" wrote:
>
>> The function url-cookie-handle-set-cookie in url-cookie.el
>> doesn't check if url-cookie-trusted-urls is set. It does some
>> preliminary checks but doesn't apply this info in the end.
>
> I'm not sure if this is a bug or not. The function _does_ check the
> value of url-cookie-trusted-urls. It seems to control whether or not
> you get asked for confirmation about accepting cookies (assuming
> url-cookie-confirmation is non-nil, which by default it is not). You
> will never get asked to confirm accpeting cookies from trusted URLs.
>
> What your proposed patch would seem to do is allow trusted urls to set
> any cookies they like, even outside their own domain. I presume this
> corresponds to "third-party cookies". Firefox, for example, has a
> separate option to control this. Currently, url will always reject
> third-party cookies, even from trusted sites. Perhaps there should be
> an option for this (nil, t, 'trusted?).
>

--
Karol Hosiawa