Correct one-line-description of cookie setting in textbrowser w3m needed
- To: firstname.lastname@example.org
- Subject: Correct one-line-description of cookie setting in textbrowser w3m needed
- From: email@example.com
- Date: Thu, 16 Oct 2014 12:58:20 +0200
- Message-id: <[🔎] 20141016105820.GA3688@lune>
- In-reply-to: <firstname.lastname@example.org>
- References: <20141005221815.GB3707@lune> <54324D75.email@example.com> <firstname.lastname@example.org> <20141006205938.GA3878@lune> <20141007175057.GA5913@Debian-50-lenny-64-minimal> <email@example.com>
I work on the german translation for the text-browser w3m. Within the
cookie settings, I doubt whether the short description of last of the
seven options on the option panel really fits to what is meant.
section: Cookie Settings
1 use_cookie=<bool> Enable cookie processing
2 show_cookie=<bool> Print a message when receiving a cookie
3 accept_cookie=<bool> Accept cookies
4 accept_bad_cookie=<number> Action to be taken on invalid cookie
5 cookie_reject_domains=<string> Domains to reject cookies from
6 cookie_accept_domains=<string> Domains to accept cookies from
7 cookie_avoid_wrong_number_of_dots=<string> Domains to avoid [wrong number of dots]
My doubts began with the question what was the difference between
option 5 and 7, i.e. domains to reject and domains to
avoid. Meanwhile, I recieved hints to general information on cookie
processing and documention on w3m:
In file:///usr/share/doc/w3m/README.cookie it is explained
If the number of "." in domain name is lesser than 2, it is
assumed as invalid cookie (cf. RFC 2109 4.3.2), however, you can
use cookie_avoid_wrong_number_of_dots to avoid this
restriction. You can set this in "Domains to avoid [wrong number
of dots]" on the Option Setting Panel.
The RFC (https://www.ietf.org/rfc/rfc2109.txt) explains
4.3.2 Rejecting Cookies
To prevent possible security or privacy violations, a user agent
rejects a cookie (shall not store its information) if any of the
following is true:
* The value for the Path attribute is not a prefix of the request-
* The value for the Domain attribute contains no embedded dots or
does not start with a dot.
* The value for the request-host does not domain-match the Domain
* The request-host is a FQDN (not IP address) and has the form HD,
where D is the value of the Domain attribute, and H is a string
that contains one or more dots.
* A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com
would be rejected, because H is y.x and contains a dot.
* A Set-Cookie from request-host x.foo.com for Domain=.foo.com would
* A Set-Cookie with Domain=.com or Domain=.com., will always be
rejected, because there is no embedded dot.
* A Set-Cookie with Domain=ajax.com will be rejected because the
value for Domain does not begin with a dot.
I assume that the option in question refers to differences between the
domain of the server which is about to set a cookie on the computer of
the internet user and the domain attribute inside the cookie.
Has anyone in Your team a suggestion for a-one-line description of
this option? I delivered one in my bug report . Tatsuya as the
maintainer of the package w3m would as well appreciate Your help.