[Webkit-unassigned] [Bug 34289] WebSocket ignores HttpOnly cookies, but should use in Handshake.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 11 19:42:45 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=34289
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #48608|review? |review+
Flag| |
--- Comment #6 from Alexey Proskuryakov <ap at webkit.org> 2010-02-11 19:42:45 PST ---
(From update of attachment 48608)
String cookies(const Document*, const KURL&);
+ String cookieRequestHeaderFieldValue(const Document*, const KURL&);
Looking at this, I think that there should be a comment explaining that
cookies() omits HttpOnly cookies.
+ "-x", "/websocket/tests/cookies",
Ideally, we should be able to set his to "/websocket/tests". That way, no one
will get surprised by trying to add a .pl test to another subdirectory. Of
course, pywebsocket would need to learn how to distinguish .html and .pl files.
>I think this is because these belong to different port.
Indeed, I keep forgetting about this!
> Do you think we should remove this warning?
It seems confusing, as we're passing a specific directory for CGIs.
This warning is not necessary for WebKit, since it's fairly clear that a
machine running Apache on LayoutTests/http/tests on an external interface is
vulnerable to attacks (by default, it only binds to 127.0.0.1 loopback).
Websocket tests do not seem to add much to this.
r=me
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list