From 090ee789dda468fe0d9b715ec4e5dc47a948a239 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 2 Mar 2016 11:07:16 +0100
Subject: [PATCH] cookie: do not refuse cookies for localhost
Closes #658
---
lib/cookie.c | 10 ++++++----
tests/data/test1136 | 1 +
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/lib/cookie.c b/lib/cookie.c
index d62f446..e5c7b7e 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -788,10 +788,12 @@ Curl_cookie_add(struct SessionHandle *data,
#ifdef USE_LIBPSL
/* Check if the domain is a Public Suffix and if yes, ignore the cookie.
This needs a libpsl compiled with builtin data. */
- if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
- if(psl_is_public_suffix(psl, co->domain)) {
- infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
- co->name, co->domain);
+ if(domain && co->domain && !isip(co->domain)) {
+ if (((psl = psl_builtin()) != NULL)
+ && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+ infof(data,
+ "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+ co->name, domain, co->domain);
freecookie(co);
return NULL;
}
diff --git a/tests/data/test1136 b/tests/data/test1136
index e42ca06..d3327e8 100644
--- a/tests/data/test1136
+++ b/tests/data/test1136
@@ -58,6 +58,7 @@ http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com
.www.example.ck TRUE / FALSE 0 test2 allowed2
.www.ck TRUE / FALSE 0 test4 allowed4
+.z-1.compute-1.amazonaws.com TRUE / FALSE 0 test5 forbidden5
</file>
</verify>
</testcase>
--
2.5.0