[Webkit-unassigned] [Bug 34289] WebSocket ignores HttpOnly cookies, but should use in Handshake.

bugzilla-daemon at webkit.org
Fri Feb 12 00:07:20 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=34289





--- Comment #8 from Fumitoshi Ukai <ukai at chromium.org>  2010-02-12 00:07:20 PST ---
(In reply to comment #6)
> (From update of attachment 48608 [details])
>      String cookies(const Document*, const KURL&);
> +    String cookieRequestHeaderFieldValue(const Document*, const KURL&);
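
Review bot: the added declaration `cookieRequestHeaderFieldValue(const Document*, const KURL&)` takes exactly the same arguments and returns the same type as `cookies()` on the line above, and nothing at the declaration tells a caller which of the two is safe to expose to script. Going by the bug title, this is the variant whose result is meant to carry HttpOnly cookies into the handshake, so a comment here stating that the value is only for building the Cookie request header and must not be returned to page script would keep a later caller from picking the wrong function.
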
> 
> Looking at this, I think that there should be a comment explaining that
> cookies() omits HttpOnly cookies.
> 
> +        "-x", "/websocket/tests/cookies",
> 
> Ideally, we should be able to set this to "/websocket/tests". That way, no one
> will get surprised by trying to add a .pl test to another subdirectory. Of
> course, pywebsocket would need to learn how to distinguish .html and .pl files.

I see.  File another bug. https://bugs.webkit.org/show_bug.cgi?id=34879

> 
> > I think this is because these belong to different port.
> 
> Indeed, I keep forgetting about this!
> 
> > Do you think we should remove this warning?
> 
> It seems confusing, as we're passing a specific directory for CGIs.
> 
> This warning is not necessary for WebKit, since it's fairly clear that a
> machine running Apache on LayoutTests/http/tests on an external interface is
> vulnerable to attacks (by default, it only binds to 127.0.0.1 loopback).
> Websocket tests do not seem to add much to this.
> 
> r=me
