[Webkit-unassigned] [Bug 34289] WebSocket ignores HttpOnly cookies, but should use in Handshake.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Feb 12 00:07:20 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=34289
--- Comment #8 from Fumitoshi Ukai <ukai at chromium.org> 2010-02-12 00:07:20 PST ---
(In reply to comment #6)
> (From update of attachment 48608 [details])
> String cookies(const Document*, const KURL&);
> + String cookieRequestHeaderFieldValue(const Document*, const KURL&);
>
> Looking at this, I think that there should be a comment explaining that
> cookies() omits HttpOnly cookies.
>
> + "-x", "/websocket/tests/cookies",
>
> Ideally, we should be able to set his to "/websocket/tests". That way, no one
> will get surprised by trying to add a .pl test to another subdirectory. Of
> course, pywebsocket would need to learn how to distinguish .html and .pl files.
I see. File another bug. https://bugs.webkit.org/show_bug.cgi?id=34879
>
> >I think this is because these belong to different port.
>
> Indeed, I keep forgetting about this!
>
> > Do you think we should remove this warning?
>
> It seems confusing, as we're passing a specific directory for CGIs.
>
> This warning is not necessary for WebKit, since it's fairly clear that a
> machine running Apache on LayoutTests/http/tests on an external interface is
> vulnerable to attacks (by default, it only binds to 127.0.0.1 loopback).
> Websocket tests do not seem to add much to this.
>
> r=me
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list