From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: Priority of url-cookie-trusted-urls vs url-cookie-untrusted-urls
Date: Fri, 31 Jul 2020 11:12:50 -0400
Message-ID: <jwvlfizen1r.fsf-monnier+emacs@gnu.org>
References: <20200731144809.6E89CC21C82@raman-glaptop.localdomain>
 <87d04b20qt.fsf@igel.home>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="468"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
Cc: emacs-devel@gnu.org, "T.V Raman" <raman@google.com>
To: Andreas Schwab <schwab@linux-m68k.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri Jul 31 17:13:46 2020
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1k1WjB-000Aco-Rw
	for ged-emacs-devel@m.gmane-mx.org; Fri, 31 Jul 2020 17:13:45 +0200
Original-Received: from localhost ([::1]:44906 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1k1WjA-0006fe-Sg
	for ged-emacs-devel@m.gmane-mx.org; Fri, 31 Jul 2020 11:13:44 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:34880)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <monnier@iro.umontreal.ca>)
 id 1k1WiW-0006DQ-QM
 for emacs-devel@gnu.org; Fri, 31 Jul 2020 11:13:04 -0400
Original-Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:3918)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <monnier@iro.umontreal.ca>)
 id 1k1WiU-0004yz-1s
 for emacs-devel@gnu.org; Fri, 31 Jul 2020 11:13:03 -0400
Original-Received: from pmg1.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id F3360100F88;
 Fri, 31 Jul 2020 11:12:52 -0400 (EDT)
Original-Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id 36CEB10082B;
 Fri, 31 Jul 2020 11:12:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1596208371;
 bh=yFPCIAGV+dnY0hTxfT3TemJW3VqgeIGFKKImpsdk0gY=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=POW+DAJwCGQ50No/jn+gcLhfTw3qDOP/mV72em+Bv5K7AVGgHolO/OVHT5B6WKr6w
 m21HuhZ1kOLvmKNX8cTJtv1BtlY6OmKYubMeInqZcilKFrbHsQV6vIGhM4BhRylM7d
 BggniXTyQ3O4t/toF4k4q9N13Hx1ox4VhEE6svekUoNOJwYaCMnIy+U3MX1RZHpGpu
 vHRpD3mQaC4F8Q9naTAahe/rcHB2GKlSM4dcz5DDQocpl3Pu/gDrRCcE3Sh3Pod8lU
 P2jokZOmqvlMa7tf//2jUNnAR/wCzvBR2o0u3kC22v6PTARBJiGE03fMkM9ZK1DyOv
 jAnLzFdI+PMsg==
Original-Received: from milanesa (unknown [45.72.246.108])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id 020A11203D6;
 Fri, 31 Jul 2020 11:12:50 -0400 (EDT)
In-Reply-To: <87d04b20qt.fsf@igel.home> (Andreas Schwab's message of "Fri, 31
 Jul 2020 16:54:50 +0200")
Received-SPF: pass client-ip=132.204.25.50;
 envelope-from=monnier@iro.umontreal.ca; helo=mailscanner.iro.umontreal.ca
X-detected-operating-system: by eggs.gnu.org: First seen = 2020/07/31 11:12:53
X-ACL-Warn: Detected OS   = Linux 2.2.x-3.x [generic]
X-Spam_score_int: -42
X-Spam_score: -4.3
X-Spam_bar: ----
X-Spam_report: (-4.3 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:253368
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/253368>

>> From what I observe, if you set url-cookie-untrusted-urls to '(".*"),
>> then the setting in url-cookie-trusted-urls e.g. '("example.com") has
>> no effect. This makes it hard to set up emacs/eww to not trust any
>> domain, and then progressively allow a few domains to set cookies;
>> could the  priority order of these settings be reversed?
>
> If you set url-cookie-untrusted-urls to ("") it will always be less
> specific than any match from url-cookie-trusted-urls.

IIUC which one takes precedence depends on the length of the
match, right?  If so, the docstring should say so.


        Stefan