[Pidgin] #16602: util.c cookies inside 302 are ignored
Pidgin
trac at pidgin.im
Sat Mar 21 23:52:02 EDT 2015
#16602: util.c cookies inside 302 are ignored
---------------------+-----------------------
Reporter: drzraf | Owner:
Type: defect | Status: new
Milestone: | Component: libpurple
Version: 2.10.11 | Keywords: http
---------------------+-----------------------
Currently, 301 and 302 headers are not processed (except Location:).
In util.c: url_fetch_recv_cb() we can see:
{{{
if(parse_redirect(...)) return;
}}}
Thus, even if include_headers was requested, the response's headers are
simply skipped and consumers' callbacks will never know anything of the
content/headers of this 302 (and won't access the cookies it aimed to set).
But...
1. it's perfectly legal to set cookies inside a 301/302 ¹
2. the vast majority of UAs support it (cookie is actually set for the
domain)
3. there are real-world examples of web servers' authentication processes
which rely (or hardly seem to rely) on Set-Cookie inside 302 ²
The API should be modified to, at least, offer the possibility to not
follow the redirection and let the API consumer do what it feels good to do
with it.
Side note: all this HTTP processing could be advantageously delegated to
a 3rd-party library (e.g. libcurl) which, in this case, would be a far more
legit dependency than, say, gconfd.
¹ http://stackoverflow.com/questions/4694089/sending-browser-cookies-during-a-302-redirect
² Example from a well-known messaging company:
{{{
curl -vc cookie.store https://login.skyp3.com/
curl -vLc cookie2.store https://login.skyp3.com/
}}}
With both commands, cookies inside the intermediate 302 *are* stored by
curl for later use, with or without location-following.
--
Ticket URL: <https://developer.pidgin.im/ticket/16602>
Pidgin <https://pidgin.im>
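
Added example, not part of the original ticket and not libpurple code: one way a fetch routine could collect Set-Cookie values from a 301/302 before acting on Location. The struct, function names and the sample response are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_COOKIES 8

struct redirect_info { /* hypothetical type, not a libpurple structure */
    int status, n_cookies;
    char location[256];
    char cookies[MAX_COOKIES][128]; /* "name=value" only, attributes dropped */
};

/* Constructed sample: a 302 that sets two cookies, followed by a body. */
static const char SAMPLE_302[] =
    "HTTP/1.1 302 Found\r\n"
    "Location: https://login.example.test/next\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "set-cookie: csrf=xyz\r\n"
    "\r\n"
    "Set-Cookie: body=ignored\r\n";

/* Copy a header value: skip leading blanks, stop at any char in `stop`. */
static void copy_value(char *dst, size_t cap, const char *src, const char *stop) {
    while (*src == ' ' || *src == '\t') src++;
    size_t n = strcspn(src, stop);
    if (n >= cap) n = cap - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Walk the header block only; returns 1 when the response is a 301/302. */
int parse_redirect_headers(const char *resp, struct redirect_info *out) {
    memset(out, 0, sizeof *out);
    if (sscanf(resp, "HTTP/%*d.%*d %d", &out->status) != 1) return 0;
    const char *line = strstr(resp, "\r\n");
    while (line && strncmp(line, "\r\n\r\n", 4) != 0) {
        line += 2; /* step over CRLF to the next header line */
        if (strncasecmp(line, "Location:", 9) == 0)
            copy_value(out->location, sizeof out->location, line + 9, "\r\n");
        else if (strncasecmp(line, "Set-Cookie:", 11) == 0 && out->n_cookies < MAX_COOKIES)
            copy_value(out->cookies[out->n_cookies++], sizeof out->cookies[0], line + 11, ";\r\n");
        line = strstr(line, "\r\n");
    }
    return out->status == 301 || out->status == 302;
}

int main(void) {
    struct redirect_info r;
    int is_redirect = parse_redirect_headers(SAMPLE_302, &r);
    printf("redirect=%d location=%s cookies=%d\n", is_redirect, r.location, r.n_cookies);
    return 0;
}
```

The example discards the Domain, Path, Secure and HttpOnly attributes; a real cookie store has to keep them and scope each cookie to the host that set it, so it is not replayed to a redirect target on another domain.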