mirror of
https://github.com/curl/curl.git
synced 2026-04-11 12:01:42 +08:00
b5ea0736bb
To formalize they are now XML-compliant (with some asterisks.) Also to help syntax highlighters work on them to make their content more readable. Also: - Delete empty comment decorations. - GHA/checksrc: simplify XML check. - runtests: fail to load test data with XML prolog missing. Follow-up tobfe6eb1c06#19927 Follow-up to87ba80a6dfCloses #19946
83 lines
1.6 KiB
XML
83 lines
1.6 KiB
XML
<?xml version="1.0" encoding="US-ASCII"?>
|
|
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
cookies
|
|
--resolve
|
|
</keywords>
|
|
</info>
|
|
|
|
# Server-side
|
|
<reply>
|
|
<data nocheck="yes">
|
|
HTTP/1.1 301 OK
|
|
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Length: 6
|
|
Set-Cookie: SESSIONID=originaltoken; secure
|
|
Set-Cookie: second=originaltoken; secure; path=/a
|
|
Location: http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER0002
|
|
|
|
-foo-
|
|
</data>
|
|
|
|
<data2>
|
|
HTTP/1.1 301 OK
|
|
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Length: 6
|
|
Set-Cookie: SESSIONID=hacker; domain=attack.invalid;
|
|
Set-Cookie: second=replacement; path=/a/b
|
|
Location: https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER0003
|
|
|
|
-foo-
|
|
</data2>
|
|
|
|
<data3>
|
|
HTTP/1.1 200 OK
|
|
Date: Tue, 09 Nov 2010 14:49:00 GMT
|
|
Server: test-server/fake
|
|
Content-Length: 6
|
|
|
|
-foo-
|
|
</data3>
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
https
|
|
</server>
|
|
<name>
|
|
HTTPS sec-cookie, HTTP redirect, same name cookie, redirect back
|
|
</name>
|
|
<command>
|
|
https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER --insecure -c %LOGDIR/cookie%TESTNUMBER --resolve attack.invalid:%HTTPSPORT:%HOSTIP --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol crlf="headers">
|
|
GET /a/b/%TESTNUMBER HTTP/1.1
|
|
Host: attack.invalid:%HTTPSPORT
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
|
|
GET /a/b/%TESTNUMBER0002 HTTP/1.1
|
|
Host: attack.invalid:%HTTPPORT
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
|
|
GET /a/b/%TESTNUMBER0003 HTTP/1.1
|
|
Host: attack.invalid:%HTTPSPORT
|
|
User-Agent: curl/%VERSION
|
|
Accept: */*
|
|
Cookie: SESSIONID=originaltoken; second=originaltoken
|
|
|
|
</protocol>
|
|
</verify>
|
|
</testcase>
|