[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Correct one-line-description of cookie setting in textbrowser w3m needed


I work on the german translation for the text-browser w3m. Within the
cookie settings, I doubt whether the short description of last of the
seven options on the option panel really fits to what is meant.

section[8]: Cookie Settings
1 use_cookie=<bool>                Enable cookie processing
2 show_cookie=<bool>               Print a message when receiving a cookie
3 accept_cookie=<bool>             Accept cookies
4 accept_bad_cookie=<number>       Action to be taken on invalid cookie
5 cookie_reject_domains=<string>   Domains to reject cookies from
6 cookie_accept_domains=<string>   Domains to accept cookies from
7 cookie_avoid_wrong_number_of_dots=<string> Domains to avoid [wrong number of dots]

My doubts began with the question what was the difference between
option 5 and 7, i.e. domains to reject and domains to
avoid. Meanwhile, I recieved hints to general information on cookie
processing and documention on w3m:

In file:///usr/share/doc/w3m/README.cookie it is explained

    If the number of "." in domain name is lesser than 2, it is
    assumed as invalid cookie (cf. RFC 2109 4.3.2), however, you can
    use cookie_avoid_wrong_number_of_dots to avoid this
    restriction. You can set this in "Domains to avoid [wrong number
    of dots]" on the Option Setting Panel.

The RFC (https://www.ietf.org/rfc/rfc2109.txt) explains

   4.3.2  Rejecting Cookies

   To prevent possible security or privacy violations, a user agent
   rejects a cookie (shall not store its information) if any of the
   following is true:

   * The value for the Path attribute is not a prefix of the request-

   * The value for the Domain attribute contains no embedded dots or
     does not start with a dot.

   * The value for the request-host does not domain-match the Domain

   * The request-host is a FQDN (not IP address) and has the form HD,
     where D is the value of the Domain attribute, and H is a string
     that contains one or more dots.


   * A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com
     would be rejected, because H is y.x and contains a dot.

   * A Set-Cookie from request-host x.foo.com for Domain=.foo.com would
     be accepted.

   * A Set-Cookie with Domain=.com or Domain=.com., will always be
     rejected, because there is no embedded dot.

   * A Set-Cookie with Domain=ajax.com will be rejected because the
     value for Domain does not begin with a dot.

I assume that the option in question refers to differences between the
domain of the server which is about to set a cookie on the computer of
the internet user and the domain attribute inside the cookie.

Has anyone in Your team a suggestion for a-one-line description of
this option? I delivered one in my bug report [1]. Tatsuya as the
maintainer of the package w3m would as well appreciate Your help.


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765068

Reply to: