1 ;;; url-cookie.el --- URL cookie support
3 ;; Copyright (C) 1996-1999, 2004-2012 Free Software Foundation, Inc.
5 ;; Keywords: comm, data, processes, hypermedia
7 ;; This file is part of GNU Emacs.
9 ;; GNU Emacs is free software: you can redistribute it and/or modify
10 ;; it under the terms of the GNU General Public License as published by
11 ;; the Free Software Foundation, either version 3 of the License, or
12 ;; (at your option) any later version.
14 ;; GNU Emacs is distributed in the hope that it will be useful,
15 ;; but WITHOUT ANY WARRANTY; without even the implied warranty of
16 ;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 ;; GNU General Public License for more details.
19 ;; You should have received a copy of the GNU General Public License
20 ;; along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>.
30 (eval-when-compile (require 'cl)) ; defstruct
32 (defgroup url-cookie nil
38 ;; A cookie is stored internally as a vector of 7 slots
39 ;; [ url-cookie NAME VALUE EXPIRES LOCALPART DOMAIN SECURE ]
41 (defstruct (url-cookie
42 (:constructor url-cookie-create)
46 name value expires localpart domain secure)
48 (defvar url-cookie-storage nil "Where cookies are stored.")
49 (defvar url-cookie-secure-storage nil "Where secure cookies are stored.")
50 (defcustom url-cookie-file nil
51 "File where cookies are stored on disk."
52 :type '(choice (const :tag "Default" :value nil) file)
56 (defcustom url-cookie-confirmation nil
57 "If non-nil, confirmation by the user is required to accept HTTP cookies."
61 (defcustom url-cookie-multiple-line nil
62 "If nil, HTTP requests put all cookies for the server on one line.
63 Some web servers, such as http://www.hotmail.com/, only accept cookies
64 when they are on one line. This is broken behavior, but just try
65 telling Microsoft that."
69 (defvar url-cookies-changed-since-last-save nil
70 "Whether the cookies list has changed since the last save operation.")
72 (defun url-cookie-parse-file (&optional fname)
73 "Load FNAME, default `url-cookie-file'."
74 ;; It's completely normal for the cookies file not to exist yet.
75 (load (or fname url-cookie-file) t t))
77 (defun url-cookie-clean-up (&optional secure)
78 (let ((var (if secure 'url-cookie-secure-storage 'url-cookie-storage))
80 (dolist (cur (symbol-value var))
81 (setq new-cookies nil)
82 (dolist (cur-cookie (cdr cur))
83 (or (not (url-cookie-p cur-cookie))
84 (url-cookie-expired-p cur-cookie)
85 (null (url-cookie-expires cur-cookie))
86 (setq new-cookies (cons cur-cookie new-cookies))))
88 (setcdr cur new-cookies)
89 (setq new (cons cur new))))
92 (defun url-cookie-write-file (&optional fname)
93 (when url-cookies-changed-since-last-save
94 (or fname (setq fname (expand-file-name url-cookie-file)))
95 (if (condition-case nil
97 (url-make-private-file fname)
100 (message "Error accessing cookie file `%s'" fname)
101 (url-cookie-clean-up)
102 (url-cookie-clean-up t)
104 (insert ";; Emacs-W3 HTTP cookies file\n"
105 ";; Automatically generated file!!! DO NOT EDIT!!!\n\n"
106 "(setq url-cookie-storage\n '")
107 (pp url-cookie-storage (current-buffer))
108 (insert ")\n(setq url-cookie-secure-storage\n '")
109 (pp url-cookie-secure-storage (current-buffer))
111 (insert "
\f\n;; Local Variables:\n"
112 ";; version-control: never\n"
113 ";; no-byte-compile: t\n"
115 (set (make-local-variable 'version-control) 'never)
117 (setq url-cookies-changed-since-last-save nil))))
119 (defun url-cookie-store (name value &optional expires domain localpart secure)
121 (let ((storage (if secure url-cookie-secure-storage url-cookie-storage))
123 ;; First, look for a matching domain.
124 (if (setq found-domain (assoc domain storage))
125 ;; Need to either stick the new cookie in existing domain storage
126 ;; or possibly replace an existing cookie if the names match.
127 (unless (dolist (cur (setq storage (cdr found-domain)) tmp)
128 (and (equal localpart (url-cookie-localpart cur))
129 (equal name (url-cookie-name cur))
131 (setf (url-cookie-expires cur) expires)
132 (setf (url-cookie-value cur) value)
135 (setcdr found-domain (cons
136 (url-cookie-create :name name
142 (cdr found-domain))))
143 ;; Need to add a new top-level domain.
144 (setq tmp (url-cookie-create :name name
151 (setcdr storage (cons (list domain tmp) (cdr storage))))
153 (setq url-cookie-secure-storage (list (list domain tmp))))
155 (setq url-cookie-storage (list (list domain tmp))))))))
157 (defun url-cookie-expired-p (cookie)
158 "Return non-nil if COOKIE is expired."
159 (let ((exp (url-cookie-expires cookie)))
160 (and (> (length exp) 0)
161 (> (float-time) (float-time (date-to-time exp))))))
163 (defun url-cookie-retrieve (host &optional localpart secure)
164 "Retrieve all cookies for a specified HOST and LOCALPART."
165 (let ((storage (if secure
166 (append url-cookie-secure-storage url-cookie-storage)
169 cookies retval localpart-match)
170 (dolist (cur storage)
171 (setq cookies (cdr cur))
176 ;; Remove the dot from wildcard domains
178 (if (eq ?. (aref (car cur) 0))
179 (substring (car cur) 1)
182 ;; The domains match - a possible hit!
183 (dolist (cur cookies)
184 (and (if (and (stringp
185 (setq localpart-match (url-cookie-localpart cur)))
187 (string-match (concat "^" (regexp-quote localpart-match))
189 (equal localpart localpart-match))
190 (not (url-cookie-expired-p cur))
191 (setq retval (cons cur retval))))))
194 (defun url-cookie-generate-header-lines (host localpart secure)
195 (let ((cookies (url-cookie-retrieve host localpart secure))
197 ;; Have to sort this for sending most specific cookies first.
198 (setq cookies (and cookies
201 (> (length (url-cookie-localpart x))
202 (length (url-cookie-localpart y)))))))
203 (dolist (cur cookies)
204 (setq chunk (format "%s=%s" (url-cookie-name cur) (url-cookie-value cur))
205 retval (if (and url-cookie-multiple-line
206 (< 80 (+ (length retval) (length chunk) 4)))
207 (concat retval "\r\nCookie: " chunk)
209 (concat retval "; " chunk)
210 (concat "Cookie: " chunk)))))
212 (concat retval "\r\n")
215 (defcustom url-cookie-trusted-urls nil
216 "A list of regular expressions matching URLs to always accept cookies from."
217 :type '(repeat regexp)
220 (defcustom url-cookie-untrusted-urls nil
221 "A list of regular expressions matching URLs to never accept cookies from."
222 :type '(repeat regexp)
225 (defun url-cookie-host-can-set-p (host domain)
226 (let ((case-fold-search t))
227 (if (string= host domain) ; Apparently netscape lets you do this
229 ;; Remove the dot from wildcard domains before matching.
230 (when (eq ?. (aref domain 0))
231 (setq domain (substring domain 1)))
232 (and (url-domsuf-cookie-allowed-p domain)
233 ;; Need to check and make sure the host is actually _in_ the
234 ;; domain it wants to set a cookie for though.
235 (string-match (concat (regexp-quote domain)
238 (defun url-cookie-handle-set-cookie (str)
239 (setq url-cookies-changed-since-last-save t)
240 (let* ((args (url-parse-args str t))
242 (secure (and (assoc "secure" args) t))
243 (domain (or (cdr-safe (assoc "domain" args))
244 (url-host url-current-object)))
245 (current-url (url-view-url t))
246 (trusted url-cookie-trusted-urls)
247 (untrusted url-cookie-untrusted-urls)
248 (expires (cdr-safe (assoc "expires" args)))
249 (localpart (or (cdr-safe (assoc "path" args))
251 (url-filename url-current-object))))
254 (or (member (downcase (car this)) '("secure" "domain" "expires" "path"))
255 (setq rest (cons this rest))))
257 ;; Sometimes we get dates that the timezone package cannot handle very
258 ;; gracefully - take care of this here, instead of in url-cookie-expired-p
259 ;; to speed things up.
262 (concat "^[^,]+, +\\(..\\)-\\(...\\)-\\(..\\) +"
263 "\\(..:..:..\\) +\\[*\\([^\]]+\\)\\]*$")
265 (setq expires (concat (match-string 1 expires) " "
266 (match-string 2 expires) " "
267 (match-string 3 expires) " "
268 (match-string 4 expires) " ["
269 (match-string 5 expires) "]")))
271 ;; This one is for older Emacs/XEmacs variants that don't
272 ;; understand this format without tenths of a second in it.
273 ;; Wednesday, 30-Dec-2037 16:00:00 GMT
275 ;; Wednesday, 30-Dec-2037 16:00:00.00 GMT
278 "\\([0-9]+\\)-\\([A-Za-z]+\\)-\\([0-9]+\\)[ \t]+\\([0-9]+:[0-9]+:[0-9]+\\)\\(\\.[0-9]+\\)*[ \t]+\\([-+a-zA-Z0-9]+\\)"
280 (setq expires (concat (match-string 1 expires) "-" ; day
281 (match-string 2 expires) "-" ; month
282 (match-string 3 expires) " " ; year
283 (match-string 4 expires) ".00 " ; hour:minutes:seconds
284 (match-string 6 expires)))) ":" ; timezone
286 (while (consp trusted)
287 (if (string-match (car trusted) current-url)
288 (setq trusted (- (match-end 0) (match-beginning 0)))
290 (while (consp untrusted)
291 (if (string-match (car untrusted) current-url)
292 (setq untrusted (- (match-end 0) (match-beginning 0)))
294 (and trusted untrusted
295 ;; Choose the more specific match.
296 (set (if (> trusted untrusted) 'untrusted 'trusted) nil))
299 ;; The site was explicitly marked as untrusted by the user.
301 ((or (eq url-privacy-level 'paranoid)
302 (and (listp url-privacy-level) (memq 'cookies url-privacy-level)))
303 ;; User never wants cookies.
305 ((and url-cookie-confirmation
307 (save-window-excursion
308 (with-output-to-temp-buffer "*Cookie Warning*"
310 (princ (format "%s - %s" (car x) (cdr x)))))
312 (not (funcall url-confirmation-func
313 (format "Allow %s to set these cookies? "
314 (url-host url-current-object))))
315 (if (get-buffer "*Cookie Warning*")
316 (kill-buffer "*Cookie Warning*")))))
317 ;; User wants to be asked, and declined.
319 ((url-cookie-host-can-set-p (url-host url-current-object) domain)
320 ;; Cookie is accepted by the user, and passes our security checks.
322 (url-cookie-store (car cur) (cdr cur) expires domain localpart secure)))
324 (url-lazy-message "%s tried to set a cookie for domain %s - rejected."
325 (url-host url-current-object) domain)))))
327 (defvar url-cookie-timer nil)
329 (defcustom url-cookie-save-interval 3600
330 "The number of seconds between automatic saves of cookies.
331 Default is 1 hour. Note that if you change this variable outside of
332 the `customize' interface after `url-do-setup' has been run, you need
333 to run the `url-cookie-setup-save-timer' function manually."
334 :set #'(lambda (var val)
335 (set-default var val)
336 (if (and (boundp 'url-setup-done) url-setup-done)
337 (url-cookie-setup-save-timer)))
341 (defun url-cookie-setup-save-timer ()
342 "Reset the cookie saver timer."
344 (ignore-errors (cancel-timer url-cookie-timer))
345 (setq url-cookie-timer nil)
346 (if url-cookie-save-interval
347 (setq url-cookie-timer (run-at-time url-cookie-save-interval
348 url-cookie-save-interval
349 #'url-cookie-write-file))))
351 (provide 'url-cookie)
353 ;;; url-cookie.el ends here