git.ipfire.org Git - thirdparty/curl.git/commit

author	Daniel Stenberg <daniel@haxx.se>
	Wed, 8 Jan 2025 09:19:26 +0000 (10:19 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Fri, 10 Jan 2025 07:20:03 +0000 (08:20 +0100)
commit	386f570df60f58fe9e90dddbda2fdd822a318f04
tree	1e998717732c44f81d823882f76cba362949a94b	tree
parent	533dc84e6e5ea325b0d58bd99be6596421089728	commit \| diff

cookie: cap expire times to 400 days

The pending cookie RFC update (currently known as 6265bis draft-19) says

  Let cookie-age-limit be the maximum age of the cookie (which name of
  Max-Age and an attribute-value of expiry-time. SHOULD be 400 days or
  less.

This change makes received cookies over the wire get capped to 400 days.

It does not cap the expiry date of cookies loaded from file.

It does this by rounding the expire time to a even minute. This, to
allow the test suite to do the same and have a chance to get the same
number for stable testing without requiring a debug build.

The test script generates TWO numbers in the output file for each
%days[] used in the input test file, and the function that subsequently
compares and verifies output is fine with *either* of the two numbers.

This is done so that if the test case is generated the second
immediately before curl runs, that updated expiry number is also deemed
okay. It still checks for an exact match of either number.

Closes #15937

lib/cookie.c		diff \| blob \| blame \| history
tests/FILEFORMAT.md		diff \| blob \| blame \| history
tests/data/test1415		diff \| blob \| blame \| history
tests/data/test31		diff \| blob \| blame \| history
tests/data/test46		diff \| blob \| blame \| history
tests/data/test483		diff \| blob \| blame \| history
tests/data/test506		diff \| blob \| blame \| history
tests/data/test61		diff \| blob \| blame \| history
tests/getpart.pm		diff \| blob \| blame \| history
tests/testutil.pm		diff \| blob \| blame \| history