We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
curl -v -c cookies.txt -X POST http://prod.thenile.dev:8080/auth/login --header 'Content-Type: application/json' --data-raw $'{\n "email": "blahblah",\n "password": "xxx"\n}' -i
Part of the result was a cookie:
Set-Cookie: token=eyJhbGciblahblah;Version=1;Domain=;Path=/;Max-Age=86400;HttpOnly
Note that the Domain is an empty string.
Expected curl to store the cookie using the hostname as a domain (i.e. treat it the same as if the field was completely missing).
RFC 6265 has this behavior as "client should", and most browsers support it (Chrome: https://source.chromium.org/chromium/chromium/src/+/main:net/cookies/cookie_util.cc;l=290)
curl 7.79.1 (x86_64-apple-darwin21.0) libcurl/7.79.1 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.11 nghttp2/1.45.1 Release-Date: 2021-09-22 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz MultiSSL NTLM NTLM_WB SPNEGO SSL UnixSockets
MacOS Monterey 12.4
Darwin Gwens-MBP.attlocal.net 21.5.0 Darwin Kernel Version 21.5.0: Tue Apr 26 21:08:37 PDT 2022; root:xnu-8020.121.3~4/RELEASE_ARM64_T6000 arm64
The text was updated successfully, but these errors were encountered:
cookie: treat a blank domain in Set-Cookie: as non-existing
0910b5c
This matches what RFC 6265 section 5.2.3 says. Extended test 31 to verify. Fixes #9164 Reported-by: Gwen Shapira
4c0ac2a
bagder
Successfully merging a pull request may close this issue.
I did this
Part of the result was a cookie:
Note that the Domain is an empty string.
I expected the following
Expected curl to store the cookie using the hostname as a domain (i.e. treat it the same as if the field was completely missing).
RFC 6265 has this behavior as "client should", and most browsers support it (Chrome: https://source.chromium.org/chromium/chromium/src/+/main:net/cookies/cookie_util.cc;l=290)
curl/libcurl version
operating system
MacOS Monterey 12.4
The text was updated successfully, but these errors were encountered: