* v4hn <m...@v4hn.de> [2013-01-30 17:05]:
> Digging further into that issue I found the webkit
> engine adds the prefix "#HttpOnly_" to the relevant
> cookie in the cookies.txt and wget therefore gladly ignores
> the line. Someone should probably think up a patch for that.
> It's enough to strip that prefix. Normally this seems to be
> a security issue w.r.t. XSS-attacks, but I'm not sure
> that's relevant in this specific case.
Small patch to fix this attached (Node that it requires bash). Btw.
adding --content-disposition to the wget options uses the filenames
suggested in the header, but it's an experimental option.
Cheers Jochen
>From 2a6b757556099581d8591ceea608b9bee74abeab Mon Sep 17 00:00:00 2001
From: Jochen Sprickerhof <joc...@sprickerhof.de>
Date: Thu, 31 Jan 2013 00:20:48 +0100
Subject: [PATCH] Strip HttpOnly from cookies for wget
---
config.def.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config.def.h b/config.def.h
index 1cba4d7..90ae89c 100644
--- a/config.def.h
+++ b/config.def.h
@@ -35,8 +35,8 @@ static Bool hidebackground = FALSE;
/* DOWNLOAD(URI, referer) */
#define DOWNLOAD(d, r) { \
.v = (char *[]){ "/bin/sh", "-c", \
- "st -e /bin/sh -c \"wget '$0'" \
- " --load-cookies ~/.surf/cookies.txt" \
+ "st -e /bin/bash -c \"wget '$0'" \
+ " --load-cookies <(sed -e 's/#HttpOnly_//g' ~/.surf/cookies.txt)" \
" --user-agent '$1'" \
" --referer '$2' ; sleep 5\"", d, useragent, r, NULL \
} \
--
1.7.10.4
