Enhance cookie jar implementation with comprehensive RFC 6265 support
This commit adds missing cookie handling cases to improve RFC 6265 compliance: Cookie Expiration: - Add expiration checking for both Expires and Max-Age attributes - Max-Age takes precedence over Expires per RFC 6265 - Automatic removal of expired cookies when processing responses - Store creation_time for accurate Max-Age calculation Cookie Management: - Update/replace existing cookies with same name, domain, and path - Prevent duplicate cookie entries in the jar - Consolidate multiple cookies into single Cookie header when sending Domain Handling: - Add domain validation to prevent servers from setting cookies for unrelated domains - Case-insensitive domain matching per RFC 6265 - Handle leading dots in Domain attribute (strip per RFC 6265 Section 5.2.3) - Subdomain matching for cookies without exact_domain flag Path Handling: - Implement RFC 6265 Section 5.1.4 default path computation - Use request path minus last component when Path attribute not specified - Fallback to "/" for edge cases Parser Improvements: - Add SameSite attribute support (None, Lax, Strict) - Gracefully ignore unknown/extension cookie attributes instead of failing - Forward compatibility with future cookie attributes Other: - Add time.h include for time() and time_t - Add http_date_to_time() helper for expiration comparison - Add is_cookie_expired() helper for expiration checks - Add compute_default_cookie_path() per RFC 6265
This commit is contained in:
@@ -13,6 +13,7 @@
|
||||
#include <stdbool.h>
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
#include <time.h>
|
||||
|
||||
#ifdef _WIN32
|
||||
#define WIN32_LEAN_AND_MEAN
|
||||
@@ -257,6 +258,12 @@ typedef struct {
|
||||
int second;
|
||||
} HTTP_Date;
|
||||
|
||||
typedef enum {
|
||||
HTTP_SAMESITE_NONE,
|
||||
HTTP_SAMESITE_LAX,
|
||||
HTTP_SAMESITE_STRICT,
|
||||
} HTTP_SameSite;
|
||||
|
||||
typedef struct {
|
||||
HTTP_String name;
|
||||
HTTP_String value;
|
||||
@@ -275,6 +282,9 @@ typedef struct {
|
||||
|
||||
bool have_path;
|
||||
HTTP_String path;
|
||||
|
||||
bool have_samesite;
|
||||
HTTP_SameSite samesite;
|
||||
} HTTP_SetCookie;
|
||||
|
||||
// Parses a Set-Cookie header value
|
||||
@@ -875,6 +885,13 @@ typedef struct {
|
||||
// This cookie can only be sent over HTTPS
|
||||
bool secure;
|
||||
|
||||
// Expiration information
|
||||
bool have_expires;
|
||||
HTTP_Date expires;
|
||||
bool have_max_age;
|
||||
uint32_t max_age;
|
||||
time_t creation_time; // Unix timestamp when cookie was created
|
||||
|
||||
} HTTP_CookieJarEntry;
|
||||
|
||||
typedef struct {
|
||||
|
||||
Reference in New Issue
Block a user