Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On Thu, Nov 04, 2021 at 07:22:06PM +, Sylvain BERTRAND wrote: > Hi, > > is the patch ok to go in? It looks okay to me. > regards, > > -- > Sylvain > > On Wed, Nov 03, 2021 at 07:28:21PM +, Sylvain BERTRAND wrote: > > Ok, I did dive into the issue and found the bug which is on the server side: > > the server does bug if you send mix-cased http header names, namely > > 'Content-type' > > instead of 'Content-Type'. > > Weird, I have a very strong feeling of deja vu. > > > > Here is a patch to work-around those buggy servers with lynx: > > --- > > > > --- a/WWW/Library/Implementation/HTTP.c > > +++ b/WWW/Library/Implementation/HTTP.c > > @@ -1741,13 +1741,13 @@ > > anAnchor->post_content_type > > ? anAnchor->post_content_type > > : "lose")); > > - HTBprintf(, "Content-type: %s%c%c", > > + HTBprintf(, "Content-Type: %s%c%c", > > anAnchor->post_content_type > > ? anAnchor->post_content_type > > : "lose", > > CR, LF); > > > > - HTBprintf(, "Content-length: %d%c%c", > > + HTBprintf(, "Content-Length: %d%c%c", > > !isBEmpty(anAnchor->post_data) > > ? BStrLen(anAnchor->post_data) > > : 0, > -- Thomas E. Dickey https://invisible-island.net ftp://ftp.invisible-island.net signature.asc Description: PGP signature
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
Hi, is the patch ok to go in? regards, -- Sylvain On Wed, Nov 03, 2021 at 07:28:21PM +, Sylvain BERTRAND wrote: > Ok, I did dive into the issue and found the bug which is on the server side: > the server does bug if you send mix-cased http header names, namely > 'Content-type' > instead of 'Content-Type'. > Weird, I have a very strong feeling of deja vu. > > Here is a patch to work-around those buggy servers with lynx: > --- > > --- a/WWW/Library/Implementation/HTTP.c > +++ b/WWW/Library/Implementation/HTTP.c > @@ -1741,13 +1741,13 @@ > anAnchor->post_content_type > ? anAnchor->post_content_type > : "lose")); > - HTBprintf(, "Content-type: %s%c%c", > + HTBprintf(, "Content-Type: %s%c%c", > anAnchor->post_content_type > ? anAnchor->post_content_type > : "lose", > CR, LF); > > - HTBprintf(, "Content-length: %d%c%c", > + HTBprintf(, "Content-Length: %d%c%c", > !isBEmpty(anAnchor->post_data) > ? BStrLen(anAnchor->post_data) > : 0,
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
Ok, I did dive into the issue and found the bug which is on the server side: the server does bug if you send mix-cased http header names, namely 'Content-type' instead of 'Content-Type'. Weird, I have a very strong feeling of deja vu. Here is a patch to work-around those buggy servers with lynx: --- --- a/WWW/Library/Implementation/HTTP.c +++ b/WWW/Library/Implementation/HTTP.c @@ -1741,13 +1741,13 @@ anAnchor->post_content_type ? anAnchor->post_content_type : "lose")); - HTBprintf(, "Content-type: %s%c%c", + HTBprintf(, "Content-Type: %s%c%c", anAnchor->post_content_type ? anAnchor->post_content_type : "lose", CR, LF); - HTBprintf(, "Content-length: %d%c%c", + HTBprintf(, "Content-Length: %d%c%c", !isBEmpty(anAnchor->post_data) ? BStrLen(anAnchor->post_data) : 0,
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
Sylvain BERTRAND dixit: >field, but if I do enable links2 cookie-saving, I can see the session cookie in >the cookie save file (after exiting links2). I suspect some redirections did Can you transplant these to lynx’ cookie file, and does the site work then? If so, we’ll at least know it’s just the login process. bye, //mirabilos -- 15:41⎜ Somebody write a testsuite for helloworld :-)
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
David Woolley wrote in <04bbf503-c915-b09b-7f4e-00b7829dc...@david-woolley.me.uk>: |On 03/11/2021 00:15, Thorsten Glaser wrote: |> (it's not related to user-agent...). Recompiling those (to capture the |> actual headers_they_ see) would be simpler than firefox... | |Firefox has built-in developer tools that allow you to see what was on |the wire. Maybe easier with curl(1)'s -I that only fetches headers. |These are the header received with the HTML on the home page: | |Cache-Control | private, pre-check=0, post-check=0, max-age=0 |Connection | keep-alive |Content-Encoding | gzip |Content-Length | 4192 |Content-Type | text/html; charset=UTF-8 |Date | Wed, 03 Nov 2021 11:19:40 GMT |Expires | 0 |Pragma | no-cache |Server | HeavyThing |Set-Cookie | phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; |Max-Age=0; path=/; secure |Set-Cookie | phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; |Max-Age=0; path=/; secure |X-Powered-By | PHP/7.2.5 $ curl -I http://board.flatassembler.net/ HTTP/1.1 200 She'll be apples X-Powered-By: PHP/7.2.5 Set-Cookie: phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure Set-Cookie: phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure Cache-Control: private, pre-check=0, post-check=0, max-age=0 Expires: 0 Pragma: no-cache Content-Type: text/html; charset=UTF-8 Connection: keep-alive Server: HeavyThing Date: Wed, 03 Nov 2021 16:38:25 GMT --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On 03/11/2021 11:23, David Woolley wrote: On 03/11/2021 00:15, Thorsten Glaser wrote: (it's not related to user-agent...). Recompiling those (to capture the actual headers_they_ see) would be simpler than firefox... Firefox has built-in developer tools that allow you to see what was on the wire. These are the header received with the HTML on the home page: Note that the secure attribute means they would not be used with the URL scheme in the subject, and this site doesn't automatically redirect to https:. The same cookie deletions are served for the login page and for the login page accessed over https.
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On 03/11/2021 00:15, Thorsten Glaser wrote: (it's not related to user-agent...). Recompiling those (to capture the actual headers_they_ see) would be simpler than firefox... Firefox has built-in developer tools that allow you to see what was on the wire. These are the header received with the HTML on the home page: Cache-Control private, pre-check=0, post-check=0, max-age=0 Connection keep-alive Content-Encoding gzip Content-Length 4192 Content-Type text/html; charset=UTF-8 Date Wed, 03 Nov 2021 11:19:40 GMT Expires 0 Pragma no-cache Server HeavyThing Set-Cookie phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure Set-Cookie phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure X-Powered-By PHP/7.2.5
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On Tue, Nov 02, 2021 at 08:02:01PM -0400, Thomas Dickey wrote: > On Tue, Nov 02, 2021 at 05:49:54PM +, Sylvain BERTRAND wrote: > > On Mon, Nov 01, 2021 at 08:24:41PM -0400, Thomas Dickey wrote: > > > Set-Cookie: phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 > > > GMT; Max-Age=0; path=/; secure > > > Set-Cookie: phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 > > > GMT; Max-Age=0; path=/; secure > > > > Ok. If I understood correctly, the web server is sending to lynx, headers to > > delete those 2 above cookies, but is not to links/others, namely it is > > sending > > correct cookies? > > I don't see in the trace that it sends cookies - those lines are intended > to delete the cookies. > > I'm assuming that lynx is getting the same information as elinks and w3m. > (it's not related to user-agent...). Recompiling those (to capture the > actual headers _they_ see) would be simpler than firefox... > > That's something I'd do on the weekend. With links2, once my credentials were sent, I get to the main forum index and links2 menu option that shows the http headers does not show any set-cookie field, but if I do enable links2 cookie-saving, I can see the session cookie in the cookie save file (after exiting links2). I suspect some redirections did happen super fast, setting up the session cookie. I don't recall seeing any redirections after sending the credentials in lynx trace file. -- Sylvain
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
Thomas Dickey dixit: >(it's not related to user-agent...). Recompiling those (to capture the >actual headers _they_ see) would be simpler than firefox... > >That's something I'd do on the weekend. It’s an HTTP site, so tcpdump -X is your friend. For HTTPS sites, the Burp suite as proxy usually does wonders. bye, //mirabilos -- If Harry Potter gets a splitting headache in his scar when he’s near Tom Riddle (aka Voldemort), does Tom get pain in the arse when Harry is near him? -- me, wondering why it’s not Jerry Potter………
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On Tue, Nov 02, 2021 at 05:49:54PM +, Sylvain BERTRAND wrote: > On Mon, Nov 01, 2021 at 08:24:41PM -0400, Thomas Dickey wrote: > > Set-Cookie: phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 > > GMT; Max-Age=0; path=/; secure > > Set-Cookie: phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; > > Max-Age=0; path=/; secure > > Ok. If I understood correctly, the web server is sending to lynx, headers to > delete those 2 above cookies, but is not to links/others, namely it is sending > correct cookies? I don't see in the trace that it sends cookies - those lines are intended to delete the cookies. I'm assuming that lynx is getting the same information as elinks and w3m. (it's not related to user-agent...). Recompiling those (to capture the actual headers _they_ see) would be simpler than firefox... That's something I'd do on the weekend. -- Thomas E. Dickey https://invisible-island.net ftp://ftp.invisible-island.net signature.asc Description: PGP signature
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On Mon, Nov 01, 2021 at 08:24:41PM -0400, Thomas Dickey wrote: > Set-Cookie: phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; > Max-Age=0; path=/; secure > Set-Cookie: phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; > Max-Age=0; path=/; secure Ok. If I understood correctly, the web server is sending to lynx, headers to delete those 2 above cookies, but is not to links/others, namely it is sending correct cookies? -- Sylvain
Re: [Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
On Mon, Nov 01, 2021 at 08:22:24PM +, Sylvain BERTRAND wrote: > Hi, > > I don't know if it is my build (2.9.0 dev10), but I am unable to log in > http://board.flatassembler.net/ . > The cooky jar shows only 1 empty cookie from this web site. Perhaps this: In lynx's trace (showing the header returned by the server), the cookies have bogus expiration times: Set-Cookie: phpbb2mysql_data=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure Set-Cookie: phpbb2mysql_sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure but using chrome, the expiration is filled in for 24 hours from now. > Somebody else from the forum did tri a 2.8.0 dev 16 and failed too. > > (links browser working ok) elinks says the cookies expire "now". (other browsers hide that information, someone may dig into them to report) -- Thomas E. Dickey https://invisible-island.net ftp://ftp.invisible-island.net signature.asc Description: PGP signature
[Lynx-dev] [cookies?] unable to log in in http://board.flatassembler.net/
Hi, I don't know if it is my build (2.9.0 dev10), but I am unable to log in http://board.flatassembler.net/ . The cooky jar shows only 1 empty cookie from this web site. Somebody else from the forum did tri a 2.8.0 dev 16 and failed too. (links browser working ok) regards, -- Sylvain BERTRAND