Change #269904
| Category | None |
| Changed by | Daniel Stenberg <daniel@haxx.se> |
| Changed at | Mon 08 Jun 2026 16:37:44 |
| Repository | https://api.github.com/repos/curl/curl |
| Project | curl/curl |
| Branch | bagder/cookie-domain |
| Revision | a7adff406a6c6bbc1054df396ed9964cd4a06720 |
Comments
cookie: tailmatch the domains for secure override If a SECURE cookie is set for a sub-domain (`example.com`) and is then attempted to get set again for more specific part of that domain (`www.example.com`) without the SECURE property, the second occurance should not be allowed. Reported-by: Trail of Bits Verified by test 3305
Changed files
- lib/cookie.c
- tests/data/Makefile.am
- tests/data/test3305