[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: w3m: Meaning of string in configuration

Hello Dai,

dai@debian.org schrieb am 11. Oct 2014 um 12:02

> NOTE: i am not same person as satodai@w3m.jp.

nevertheless, thanks for answering to my three mails. 

And maybe you are familiar enough with w3m to tell me what You think
about msgid 204

#: rc.c:204
msgid "Domains to avoid [wrong number of dots]"

> "wrong number of dots" is error message.
> you can find this mean in doc/README.cookie.
> > ?? If the number of "." in domain name is lesser than 2, it is
> >    assumed as invalid cookie (cf. RFC 2109 4.3.2), however, you can
> >    use cookie_avoid_wrong_number_of_dots to avoid this
> >    restriction. You can set this in "Domains to avoid [wrong number
> >    of dots]" on the Option Setting Panel.

According to this paragraph of README.cookies, this item makes w3m
accept cookies that would be rejected otherwise.

The msgid we have a problem with would be understood the other way
round: The user shall type in a list of domains to be avoided. And
this would be quite the same as msgid 202

#: rc.c:202
msgid "Domains to reject cookies from"

I would appreciate recieving your opinion before passing a bug report
to the maintainer of the package w3m.


Quotation from https://www.ietf.org/rfc/rfc2109.txt

   4.3.2  Rejecting Cookies

   To prevent possible security or privacy violations, a user agent
   rejects a cookie (shall not store its information) if any of the
   following is true:

   * The value for the Path attribute is not a prefix of the request-

   * The value for the Domain attribute contains no embedded dots or
     does not start with a dot.

   * The value for the request-host does not domain-match the Domain

   * The request-host is a FQDN (not IP address) and has the form HD,
     where D is the value of the Domain attribute, and H is a string
     that contains one or more dots.


   * A Set-Cookie from request-host y.x.foo.com for Domain=.foo.com
     would be rejected, because H is y.x and contains a dot.

   * A Set-Cookie from request-host x.foo.com for Domain=.foo.com would
     be accepted.

   * A Set-Cookie with Domain=.com or Domain=.com., will always be
     rejected, because there is no embedded dot.

   * A Set-Cookie with Domain=ajax.com will be rejected because the
     value for Domain does not begin with a dot.

Reply to: