romenskiy2012/curl

Fork 0

mirror of https://github.com/curl/curl.git synced 2026-06-14 16:35:38 +03:00

Commit graph

Author	SHA1	Message	Date
Daniel Stenberg	e66b81a532	cookie: tailmatch the domains for secure override If a SECURE cookie is set for a sub-domain (`example.com`) and is then attempted to get set again for more specific part of that domain (`www.example.com`) without the SECURE property, the second occurance should not be allowed. Reported-by: Trail of Bits Verified by test 3305 Closes #21910	2026-06-09 11:11:07 +02:00

Author

SHA1

Message

Date

Daniel Stenberg

e66b81a532

cookie: tailmatch the domains for secure override

If a SECURE cookie is set for a sub-domain (`example.com`) and is then
attempted to get set again for more specific part of that domain
(`www.example.com`) without the SECURE property, the second occurance
should not be allowed.

Reported-by: Trail of Bits

Verified by test 3305
Closes #21910

2026-06-09 11:11:07 +02:00

1 commit