commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From marcs...@apache.org
Subject cvs commit: jakarta-commons/httpclient/src/java/org/apache/commons/httpclient Cookie.java
Date Tue, 23 Apr 2002 18:59:47 GMT
marcsaeg    02/04/23 11:59:47

  Modified:    httpclient/src/java/org/apache/commons/httpclient
                        Cookie.java
  Log:
  No longer throw an HttpException when a secure cookie is received on a
  non-secure connection.  According to RFC 2109 this is not an invalid
  thing to do.
  
  However, createCookieHeader() still only adds secure cookies to a Cookie
  header if the connection is secure.
  
  Revision  Changes    Path
  1.17      +4 -16     jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java
  
  Index: Cookie.java
  ===================================================================
  RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v
  retrieving revision 1.16
  retrieving revision 1.17
  diff -u -r1.16 -r1.17
  --- Cookie.java	15 Mar 2002 22:51:08 -0000	1.16
  +++ Cookie.java	23 Apr 2002 18:59:47 -0000	1.17
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v
1.16 2002/03/15 22:51:08 marcsaeg Exp $
  - * $Revision: 1.16 $
  - * $Date: 2002/03/15 22:51:08 $
  + * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v
1.17 2002/04/23 18:59:47 marcsaeg Exp $
  + * $Revision: 1.17 $
  + * $Date: 2002/04/23 18:59:47 $
    * ====================================================================
    *
    * The Apache Software License, Version 1.1
  @@ -90,7 +90,7 @@
    * @author Sean C. Sullivan
    * @author <a href="mailto:JEvans@Cyveillance.com">John Evans</a>
    * @author Marc A. Saegesser
  - * @version $Revision: 1.16 $ $Date: 2002/03/15 22:51:08 $
  + * @version $Revision: 1.17 $ $Date: 2002/04/23 18:59:47 $
    */
   
   public class Cookie extends NameValuePair implements Serializable, Comparator {
  @@ -933,18 +933,6 @@
                               " Illegal domain attribute " + cookie.getDomain());
                       }
                   }
  -            }
  -
  -            // another security check... we musn't allow the server to give us a
  -            // secure cookie over an insecure channel
  -
  -            if(cookie.getSecure() && !secure) {
  -                if(log.isInfoEnabled()) {
  -                    log.info("Cookie.parse(): Rejecting set cookie header \"" + setCookie.getValue()
+ "\" because \"" + cookie.getName() + "\" has an illegal secure attribute (\"" + cookie.getSecure()
+ "\") for the given security  \"" + secure + "\".");
  -                }
  -                throw new HttpException(
  -                    "Bad Set-Cookie header: " + setCookie.getValue() +
  -                    " Secure cookie sent over a non-secure channel.");
               }
   
               // another security check... we musn't allow the server to give us a
  
  
  

--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>


Mime
View raw message