httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Prime <>
Subject Re: HttpOnly + [VOTE] T&R libapreq-2.13
Date Sat, 13 Nov 2010 04:07:42 GMT
On 12/11/10 05:28 PM, Adam Prime wrote:
>> All looks good.  Waiting for someone with more legal knowledge than I to
>> confirm that we can re-use the patch, and I'll commit to trunk.
>> We may also want to do a release.  With the small amount of development,
>> it could be years until this sees the light of day if we wait to package
>> more stuff into it :)  2.12 was released March, 2009, so I'd like to
>> call a vote to T&R 2.13.
>> [  ] Release 2.13 with the new HttpOnly cookie feature (once committed)
>> [  ] Don't release 2.13 yet
> I have tests for the perl interface at home. I can send that patch later
> this evening.  I don't have a vote, but i'd vote for getting it out ;)

The perl test is attached.  One thing that should be noted about both
these tests is that they only test HttpOnly on the outgoing Set-Cookie:
header.  From what i read, HttpOnly shouldn't exist on Cookie: headers
coming from the client, and the patch from debian does not add support
for parsing them out of Cookie: headers.  I think known though, but i
just wanted to make sure it was pointed out explicitly.


View raw message