xref: /curl/tests/data/test414 (revision e7a021e1)
1<testcase>
2<info>
3<keywords>
4HTTP
5cookies
6--resolve
7</keywords>
8</info>
9
10#
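11# Server-side: the data section is the HTTPS reply that sets two Secure cookies and redirects to plain HTTP; data2 is the HTTP reply that tries to set cookies with the same names and redirects back to HTTPS; data3 is the final HTTPS reply.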
12<reply>
13<data nocheck="yes">
14HTTP/1.1 301 OK
15Date: Tue, 09 Nov 2010 14:49:00 GMT
16Server: test-server/fake
17Content-Length: 6
18Set-Cookie: SESSIONID=originaltoken; secure
19Set-Cookie: second=originaltoken; secure; path=/a
20Location: http://attack.invalid:%HTTPPORT/a/b/%TESTNUMBER0002
21
22-foo-
23</data>
24
25<data2>
26HTTP/1.1 301 OK
27Date: Tue, 09 Nov 2010 14:49:00 GMT
28Server: test-server/fake
29Content-Length: 6
30Set-Cookie: SESSIONID=hacker; domain=attack.invalid;
31Set-Cookie: second=replacement; path=/a/b
32Location: https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER0003
33
34-foo-
35</data2>
36
37<data3>
38HTTP/1.1 200 OK
39Date: Tue, 09 Nov 2010 14:49:00 GMT
40Server: test-server/fake
41Content-Length: 6
42
43-foo-
44</data3>
45</reply>
46
47#
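48# Client-side: -L follows both redirects, -c writes the cookie jar, the two --resolve options point attack.invalid at the local HTTPS and HTTP test servers, and -k skips certificate verification for the HTTPS test server.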
49<client>
50<server>
51http
52https
53</server>
54<name>
55HTTPS sec-cookie, HTTP redirect, same name cookie, redirect back
56</name>
57<command>
58https://attack.invalid:%HTTPSPORT/a/b/%TESTNUMBER -k -c %LOGDIR/cookie%TESTNUMBER --resolve attack.invalid:%HTTPSPORT:%HOSTIP --resolve attack.invalid:%HTTPPORT:%HOSTIP -L
59</command>
60</client>
61
62#
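63# Verify data after the test has been "shot": the plain-HTTP request must carry no Cookie header, and the final HTTPS request must still send the original Secure cookie values rather than the ones set over HTTP.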
64<verify>
65<protocol>
66GET /a/b/%TESTNUMBER HTTP/1.1
67Host: attack.invalid:%HTTPSPORT
68User-Agent: curl/%VERSION
69Accept: */*
70
71GET /a/b/%TESTNUMBER0002 HTTP/1.1
72Host: attack.invalid:%HTTPPORT
73User-Agent: curl/%VERSION
74Accept: */*
75
76GET /a/b/%TESTNUMBER0003 HTTP/1.1
77Host: attack.invalid:%HTTPSPORT
78User-Agent: curl/%VERSION
79Accept: */*
80Cookie: SESSIONID=originaltoken; second=originaltoken
81
82</protocol>
83</verify>
84</testcase>
85