Strictly comply with RFC 6797

* src/hsts.c (hsts_store_entry): strictly comply with RFC 6797.

RFC 6797 states in section 8.1 that the UA's cached information should
only be updated if:

    "either or both of the max-age and includeSubDomains header field
    value tokens are conveying information different than that already
    maintained by the UA."
Ander Juaristi 2016-04-06 13:31:41 +02:00 committed by Tim Rühsen
parent 33d860e1ef
commit 2f1c6a05c8


@ -426,9 +426,8 @@ hsts_store_entry (hsts_store_t store,
hsts_remove_entry (store, kh);
else if (max_age > 0)
{
entry->include_subdomains = include_subdomains;
if (entry->max_age != max_age)
if (entry->max_age != max_age ||
entry->include_subdomains != include_subdomains)
{
/* RFC 6797 states that 'max_age' is a TTL relative to the reception of the STS header
so we have to update the 'created' field too */
@ -436,6 +435,7 @@ hsts_store_entry (hsts_store_t store,
if (t != -1)
entry->created = t;
entry->max_age = max_age;
entry->include_subdomains = include_subdomains;
}
}
/* we ignore negative max_ages */
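Review bot: With the new condition, `entry->created` is refreshed only when max_age or include_subdomains differs from the cached values, so a host that keeps sending an identical STS header has its policy lapse max_age seconds after the first receipt rather than after the last one; the comment on the `if` body ("we have to update the 'created' field too") reads as if the TTL were being kept current and should say this is not the case. RFC 6797 section 8.1 also describes max-age as a TTL "relative to the reception time of the STS header field", so it is worth confirming that letting an unchanged policy expire is the intended reading rather than an oversight; if it is intended, document it next to the condition: `/* An unchanged header does not refresh 'created': the policy expires max_age seconds after the receipt that last changed it (RFC 6797 8.1, literal reading). */`. Also note that when the `t != -1` check fails, max_age and include_subdomains are still stored while `created` keeps its old value, so the entry may expire earlier than the header asked for; that is pre-existing and the assignment of `t` is outside the hunk. The enclosing function hsts_store_entry starts and ends outside the hunk.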