[Pidgin] #16602: util.c cookies inside 302 are ignored

Pidgin trac at pidgin.im
Sat Mar 21 23:52:02 EDT 2015

#16602: util.c cookies inside 302 are ignored
 Reporter:  drzraf   |      Owner:
     Type:  defect   |     Status:  new
Milestone:           |  Component:  libpurple
  Version:  2.10.11  |   Keywords:  http
 Currently, 301 and 302 headers are not processed (except Location:)
 In util.c: url_fetch_recv_cb() we can see:

 if(parse_redirect(...)) return;

 Thus, even if include_headers was requested, the response' headers are
 simply skipped and consumers' callbacks will never know nothing of the
 content/headers of this 302 (and won't access the cookies it aimed to set)

 1. it's perfectly legal to set cookies inside a 301/302 ¹
 2. the vast majority of UA supports it (cookie is actually set for the
 3. they are real-world example of webservers authentication process which
 rely (or hardly seem to rely) on Set-Cookie inside 302  ²

 The API should be modified to, at least, offer the possibility to not
 follow the redirection and leave API consumer do what it feel good to do
 with it.

 Side note: all this HTTP processing could be advantageously delegated to
 3rd party library (eg: libcurl) which, in this case, would be a far more
 legit dependency than, say, gconfd.

 ¹ http://stackoverflow.com/questions/4694089/sending-browser-cookies-

 ² Example from a well-known messaging compagny:

 curl -vc cookie.store https://login.skyp3.com/
 curl -vLc cookie2.store https://login.skyp3.com/

 With both commands, cookies inside the intermediate 302 *are* stored by
 curl for later, use with or without location-following.

Ticket URL: <https://developer.pidgin.im/ticket/16602>
Pidgin <https://pidgin.im>

More information about the Tracker mailing list