hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1264) Need CookiePolicy.BROWSER_COMPATIBILITY_MEDIUM_SECURITY policy
Date Wed, 21 Nov 2012 17:19:59 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1264?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13502137#comment-13502137
] 

Oleg Kalnichevski commented on HTTPCLIENT-1264:
-----------------------------------------------

The original report contains a statement 'And yet, FireFox and IE have no trouble with these.'
which I find a bit vague. I am aware of different security modes in IE but could not find
anything similar in FF of a recent version. There ideally I would like to see HTTP packets
exchanged between FF an the site to be 100% sure the default behavior of HttpClient requires
changes.

Anyway, one can easily disable the check by extending the default implementation and registering
the subclass in stead of the default one

---
class LaxBrowserCompatSpec extends BrowserCompatSpec {

    public LaxBrowserCompatSpec() {
        super();
        registerAttribHandler(ClientCookie.PATH_ATTR, new BasicPathHandler() {

            @Override
            public void validate(
                    Cookie cookie, CookieOrigin origin) throws MalformedCookieException {
                // oh, I am easy
            }
            
        });
    }
    
}
---

Oleg 
                
> Need CookiePolicy.BROWSER_COMPATIBILITY_MEDIUM_SECURITY policy
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1264
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1264
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpClient
>    Affects Versions: 4.2.2
>            Reporter: Karl Wright
>
> The ManifoldCF project is currently moving to HttpComponents 4.2.2 from a heavily patched
commons-httpclient 3.1 version.  One of the patches seems to have no particular equivalent
yet in HttpComponents.  Please see CONNECTORS-119 for details about what the patch did, and
research into the current HttpComponents code base.
> I am happy to create a specific patch if that is desired; please let me know.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message