1 ;;; url-cookie.el --- Netscape Cookie support
2 ;; Author: $Author: wmperry $
3 ;; Created: $Date: 2002/10/29 14:44:59 $
4 ;; Version: $Revision: 1.7 $
5 ;; Keywords: comm, data, processes, hypermedia
7 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
8 ;;; Copyright (c) 1996 by William M. Perry <wmperry@cs.indiana.edu>
9 ;;; Copyright (c) 1996 - 1999 Free Software Foundation, Inc.
11 ;;; This file is part of GNU Emacs.
13 ;;; GNU Emacs is free software; you can redistribute it and/or modify
14 ;;; it under the terms of the GNU General Public License as published by
15 ;;; the Free Software Foundation; either version 2, or (at your option)
16 ;;; any later version.
18 ;;; GNU Emacs is distributed in the hope that it will be useful,
19 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
20 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 ;;; GNU General Public License for more details.
23 ;;; You should have received a copy of the GNU General Public License
24 ;;; along with GNU Emacs; see the file COPYING. If not, write to the
25 ;;; Free Software Foundation, Inc., 59 Temple Place - Suite 330,
26 ;;; Boston, MA 02111-1307, USA.
27 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
32 (eval-when-compile (require 'cl))
34 ;; See http://home.netscape.com/newsref/std/cookie_spec.html for the
35 ;; 'open standard' defining this crap.
37 ;; A cookie is stored internally as a vector of 7 slots
38 ;; [ 'cookie name value expires path domain secure ]
40 (defsubst url-cookie-name (cookie) (aref cookie 1))
41 (defsubst url-cookie-value (cookie) (aref cookie 2))
42 (defsubst url-cookie-expires (cookie) (aref cookie 3))
43 (defsubst url-cookie-path (cookie) (aref cookie 4))
44 (defsubst url-cookie-domain (cookie) (aref cookie 5))
45 (defsubst url-cookie-secure (cookie) (aref cookie 6))
47 (defsubst url-cookie-set-name (cookie val) (aset cookie 1 val))
48 (defsubst url-cookie-set-value (cookie val) (aset cookie 2 val))
49 (defsubst url-cookie-set-expires (cookie val) (aset cookie 3 val))
50 (defsubst url-cookie-set-path (cookie val) (aset cookie 4 val))
51 (defsubst url-cookie-set-domain (cookie val) (aset cookie 5 val))
52 (defsubst url-cookie-set-secure (cookie val) (aset cookie 6 val))
53 (defsubst url-cookie-retrieve-arg (key args) (nth 1 (memq key args)))
55 (defsubst url-cookie-create (&rest args)
56 (let ((retval (make-vector 7 nil)))
57 (aset retval 0 'cookie)
58 (url-cookie-set-name retval (url-cookie-retrieve-arg :name args))
59 (url-cookie-set-value retval (url-cookie-retrieve-arg :value args))
60 (url-cookie-set-expires retval (url-cookie-retrieve-arg :expires args))
61 (url-cookie-set-path retval (url-cookie-retrieve-arg :path args))
62 (url-cookie-set-domain retval (url-cookie-retrieve-arg :domain args))
63 (url-cookie-set-secure retval (url-cookie-retrieve-arg :secure args))
66 (defun url-cookie-p (obj)
67 (and (vectorp obj) (= (length obj) 7) (eq (aref obj 0) 'cookie)))
69 (defgroup url-cookie nil
75 (defvar url-cookie-storage nil "Where cookies are stored.")
76 (defvar url-cookie-secure-storage nil "Where secure cookies are stored.")
77 (defcustom url-cookie-file nil "*Where cookies are stored on disk."
78 :type '(choice (const :tag "Default" :value nil) file)
82 (defcustom url-cookie-confirmation nil
83 "*If non-nil, confirmation by the user is required to accept HTTP cookies."
87 (defcustom url-cookie-multiple-line nil
88 "*If nil, HTTP requests put all cookies for the server on one line.
89 Some web servers, such as http://www.hotmail.com/, only accept cookies
90 when they are on one line. This is broken behaviour, but just try
91 telling Microsoft that.")
93 (defvar url-cookies-changed-since-last-save nil
94 "Whether the cookies list has changed since the last save operation.")
97 (defun url-cookie-parse-file (&optional fname)
98 (setq fname (or fname url-cookie-file))
101 (error (message "Could not load cookie file %s" fname))))
103 (defun url-cookie-clean-up (&optional secure)
105 (var (if secure 'url-cookie-secure-storage 'url-cookie-storage))
106 (val (symbol-value var))
119 (setq cur-cookie (car cookies)
120 cookies (cdr cookies))
121 (if (or (not (url-cookie-p cur-cookie))
122 (url-cookie-expired-p cur-cookie)
123 (null (url-cookie-expires cur-cookie)))
125 (setq new-cookies (cons cur-cookie new-cookies))))
126 (if (not new-cookies)
128 (setcdr cur new-cookies)
129 (setq new (cons cur new))))
133 (defun url-cookie-write-file (&optional fname)
134 (setq fname (or fname url-cookie-file))
136 ((not url-cookies-changed-since-last-save) nil)
137 ((not (file-writable-p fname))
138 (message "Cookies file %s (see variable `url-cookie-file') is unwritable." fname))
140 (url-cookie-clean-up)
141 (url-cookie-clean-up t)
143 (set-buffer (get-buffer-create " *cookies*"))
146 (insert ";; Emacs-W3 HTTP cookies file\n"
147 ";; Automatically generated file!!! DO NOT EDIT!!!\n\n"
148 "(setq url-cookie-storage\n '")
149 (pp url-cookie-storage (current-buffer))
150 (insert ")\n(setq url-cookie-secure-storage\n '")
151 (pp url-cookie-secure-storage (current-buffer))
154 (kill-buffer (current-buffer))))))
156 (defun url-cookie-store (name value &optional expires domain path secure)
157 "Stores a netscape-style cookie"
158 (let* ((storage (if secure url-cookie-secure-storage url-cookie-storage))
163 ;; First, look for a matching domain
164 (setq found-domain (assoc domain storage))
167 ;; Need to either stick the new cookie in existing domain storage
168 ;; or possibly replace an existing cookie if the names match.
170 (setq storage (cdr found-domain)
173 (setq cur (car storage)
174 storage (cdr storage))
175 (if (and (equal path (url-cookie-path cur))
176 (equal name (url-cookie-name cur)))
178 (url-cookie-set-expires cur expires)
179 (url-cookie-set-value cur value)
183 (setcdr found-domain (cons
184 (url-cookie-create :name name
190 (cdr found-domain)))))
191 ;; Need to add a new top-level domain
192 (setq tmp (url-cookie-create :name name
200 (setcdr storage (cons (list domain tmp) (cdr storage))))
202 (setq url-cookie-secure-storage (list (list domain tmp))))
204 (setq url-cookie-storage (list (list domain tmp))))))))
206 (defun url-cookie-expired-p (cookie)
208 (exp (url-cookie-expires cookie))
209 (cur-date (and exp (timezone-parse-date (current-time-string))))
210 (exp-date (and exp (timezone-parse-date exp)))
211 (cur-greg (and cur-date (timezone-absolute-from-gregorian
212 (string-to-int (aref cur-date 1))
213 (string-to-int (aref cur-date 2))
214 (string-to-int (aref cur-date 0)))))
215 (exp-greg (and exp (timezone-absolute-from-gregorian
216 (string-to-int (aref exp-date 1))
217 (string-to-int (aref exp-date 2))
218 (string-to-int (aref exp-date 0)))))
219 (diff-in-days (and exp (- cur-greg exp-greg)))
222 ((not exp) nil) ; No expiry == expires at browser quit
223 ((< diff-in-days 0) nil) ; Expires sometime after today
224 ((> diff-in-days 0) t) ; Expired before today
225 (t ; Expires sometime today, check times
226 (let* ((cur-time (timezone-parse-time (aref cur-date 3)))
227 (exp-time (timezone-parse-time (aref exp-date 3)))
228 (cur-norm (+ (* 360 (string-to-int (aref cur-time 2)))
229 (* 60 (string-to-int (aref cur-time 1)))
230 (* 1 (string-to-int (aref cur-time 0)))))
231 (exp-norm (+ (* 360 (string-to-int (aref exp-time 2)))
232 (* 60 (string-to-int (aref exp-time 1)))
233 (* 1 (string-to-int (aref exp-time 0))))))
234 (> (- cur-norm exp-norm) 1))))))
237 (defun url-cookie-retrieve (host path &optional secure)
238 "Retrieves all the netscape-style cookies for a specified HOST and PATH"
239 (let ((storage (if secure
240 (append url-cookie-secure-storage url-cookie-storage)
248 (setq cur (car storage)
249 storage (cdr storage)
252 (string-match (concat "^.*" (regexp-quote (car cur)) "$") host))
253 ;; The domains match - a possible hit!
255 (setq cur (car cookies)
256 cookies (cdr cookies)
257 path-regexp (concat "^" (regexp-quote
258 (url-cookie-path cur))))
259 (if (and (string-match path-regexp path)
260 (not (url-cookie-expired-p cur)))
261 (setq retval (cons cur retval))))))
265 (defun url-cookie-generate-header-lines (host path secure)
266 (let* ((cookies (url-cookie-retrieve host path secure))
270 ;; Have to sort this for sending most specific cookies first
271 (setq cookies (and cookies
275 (> (length (url-cookie-path x))
276 (length (url-cookie-path y))))))))
278 (setq cur (car cookies)
279 cookies (cdr cookies)
280 chunk (format "%s=%s" (url-cookie-name cur) (url-cookie-value cur))
281 retval (if (and url-cookie-multiple-line
282 (< 80 (+ (length retval) (length chunk) 4)))
283 (concat retval "\r\nCookie: " chunk)
285 (concat retval "; " chunk)
286 (concat "Cookie: " chunk)))))
288 (concat retval "\r\n")
291 (defvar url-cookie-two-dot-domains
293 (mapconcat 'identity (list "com" "edu" "net" "org" "gov" "mil" "int")
296 "A regular expression of top-level domains that only require two matching
297 '.'s in the domain name in order to set a cookie.")
299 (defcustom url-cookie-trusted-urls nil
300 "*A list of regular expressions matching URLs to always accept cookies from."
301 :type '(repeat regexp)
304 (defcustom url-cookie-untrusted-urls nil
305 "*A list of regular expressions matching URLs to never accept cookies from."
306 :type '(repeat regexp)
309 (defun url-cookie-host-can-set-p (host domain)
315 (while (setq last (string-match "\\." domain last))
316 (setq numdots (1+ numdots)
318 (if (string-match url-cookie-two-dot-domains domain)
321 ((string= host domain) ; Apparently netscape lets you do this
323 ((>= numdots mindots) ; We have enough dots in domain name
324 ;; Need to check and make sure the host is actually _in_ the
325 ;; domain it wants to set a cookie for though.
326 (string-match (concat (regexp-quote domain) "$") host))
331 (defun url-cookie-handle-set-cookie (str)
332 (setq url-cookies-changed-since-last-save t)
333 (let* ((args (url-parse-args str t))
335 (secure (and (assoc-ignore-case "secure" args) t))
336 (domain (or (cdr-safe (assoc-ignore-case "domain" args))
337 (url-host url-current-object)))
338 (current-url (url-view-url t))
339 (trusted url-cookie-trusted-urls)
340 (untrusted url-cookie-untrusted-urls)
341 (expires (cdr-safe (assoc-ignore-case "expires" args)))
342 (path (or (cdr-safe (assoc-ignore-case "path" args))
344 (url-filename url-current-object))))
347 (if (not (member (downcase (car (car args)))
348 '("secure" "domain" "expires" "path")))
349 (setq rest (cons (car args) rest)))
350 (setq args (cdr args)))
352 ;; Sometimes we get dates that the timezone package cannot handle very
353 ;; gracefully - take care of this here, instead of in url-cookie-expired-p
354 ;; to speed things up.
357 (concat "^[^,]+, +\\(..\\)-\\(...\\)-\\(..\\) +"
358 "\\(..:..:..\\) +\\[*\\([^\]]+\\)\\]*$")
360 (setq expires (concat (match-string 1 expires) " "
361 (match-string 2 expires) " "
362 (match-string 3 expires) " "
363 (match-string 4 expires) " ["
364 (match-string 5 expires) "]")))
366 ;; This one is for older Emacs/XEmacs variants that don't
367 ;; understand this format without tenths of a second in it.
368 ;; Wednesday, 30-Dec-2037 16:00:00 GMT
370 ;; Wednesday, 30-Dec-2037 16:00:00.00 GMT
373 "\\([0-9]+\\)-\\([A-Za-z]+\\)-\\([0-9]+\\)[ \t]+\\([0-9]+:[0-9]+:[0-9]+\\)\\(\\.[0-9]+\\)*[ \t]+\\([-+a-zA-Z0-9]+\\)"
375 (setq expires (concat (match-string 1 expires) "-" ; day
376 (match-string 2 expires) "-" ; month
377 (match-string 3 expires) " " ; year
378 (match-string 4 expires) ".00 " ; hour:minutes:seconds
379 (match-string 6 expires)))) ":" ; timezone
381 (while (consp trusted)
382 (if (string-match (car trusted) current-url)
383 (setq trusted (- (match-end 0) (match-beginning 0)))
385 (while (consp untrusted)
386 (if (string-match (car untrusted) current-url)
387 (setq untrusted (- (match-end 0) (match-beginning 0)))
389 (if (and trusted untrusted)
390 ;; Choose the more specific match
391 (if (> trusted untrusted)
396 ;; The site was explicity marked as untrusted by the user
398 ((or (eq url-privacy-level 'paranoid)
399 (and (listp url-privacy-level) (memq 'cookies url-privacy-level)))
400 ;; user never wants cookies
402 ((and url-cookie-confirmation
404 (save-window-excursion
405 (with-output-to-temp-buffer "*Cookie Warning*"
409 (princ (format "%s - %s" (car x) (cdr x))))) rest))
411 (not (funcall url-confirmation-func
412 (format "Allow %s to set these cookies? "
413 (url-host url-current-object))))
414 (if (get-buffer "*Cookie Warning*")
415 (kill-buffer "*Cookie Warning*")))))
416 ;; user wants to be asked, and declined.
418 ((url-cookie-host-can-set-p (url-host url-current-object) domain)
419 ;; Cookie is accepted by the user, and passes our security checks
422 (setq cur (pop rest))
423 (url-cookie-store (car cur) (cdr cur)
424 expires domain path secure))))
426 (message "%s tried to set a cookie for domain %s - rejected."
427 (url-host url-current-object) domain)))))
429 (defvar url-cookie-timer nil)
431 (defcustom url-cookie-save-interval 3600
432 "*The number of seconds between automatic saves of cookies.
433 Default is 1 hour. Note that if you change this variable outside of
434 the `customize' interface after `url-do-setup' has been run, you need
435 to run the `url-cookie-setup-save-timer' function manually."
436 :set (function (lambda (var val)
437 (set-default var val)
439 (fboundp 'url-cookie-setup-save-timer)
440 (url-cookie-setup-save-timer))))
445 (defun url-cookie-setup-save-timer ()
446 "Reset the cookie saver timer."
450 (ignore-errors (delete-itimer url-cookie-timer))
451 (setq url-cookie-timer nil)
452 (if url-cookie-save-interval
453 (setq url-cookie-timer
454 (start-itimer "url-cookie-saver" 'url-cookie-write-file
455 url-cookie-save-interval
456 url-cookie-save-interval))))
457 ((fboundp 'run-at-time)
458 (ignore-errors (cancel-timer url-cookie-timer))
459 (setq url-cookie-timer nil)
460 (if url-cookie-save-interval
461 (setq url-cookie-timer
462 (run-at-time url-cookie-save-interval
463 url-cookie-save-interval
464 'url-cookie-write-file))))
467 (provide 'url-cookie)