Fossil SCM

Do not add the sync login cookie unless we know the remote supports it. It's harmless in that case but it doesn't need to be there. Rename the login cookie from the unweildy x-f-x-l (X-Fossil-Xfer-Login) to x-f-l-c (X-Fossil-Login-Card) because the former is unsightly.

stephan 2025-07-25 18:47 xfer-login-card

Commit 9789e1dce77ac767de11d325ea01469c5b0d89836312b13305fcb11288aefe55

Parent 86cc923de4d85af…

4 files changed +5 -5 +5 -3 +1 -1 +1 -1

~ src/cgi.c ~ src/http.c ~ src/main.c ~ src/xfer.c

M src/cgi.c

+5 -5

		--- src/cgi.c
		+++ src/cgi.c
		@@ -1286,11 +1286,11 @@
1286	1286	** add_param_list() and, if found, applies its "skin" setting. Returns
1287	1287	** 0 if no QUERY_STRING is set, else it returns a bitmask of:
1288	1288	**
1289	1289	** 0x01 = QUERY_STRING was set up
1290	1290	** 0x02 = "skin" URL param arg was processed
1291		-** 0x04 = "x-f-x-l" cookie arg was processed.
	1291	+** 0x04 = "x-f-l-c" cookie arg was processed.
1292	1292	**
1293	1293	* In the case of the skin, the cookie may still need flushing
1294	1294	** by the page, via cookie_render().
1295	1295	*/
1296	1296	int cgi_setup_query_string(void){
		@@ -1312,17 +1312,17 @@
1312	1312	cgi_set_parameter_nocopy("udc", "1", 1);
1313	1313	}
1314	1314	fossil_free(zErr);
1315	1315	}
1316	1316	}
1317		- if( !g.syncInfo.zLoginCard && 0!=(z=(char*)P("x-f-x-l")) ){
1318		- /* X-Fossil-Xfer-Login card transmitted via cookie instead of in
1319		- ** the sync payload. */
	1317	+ if( !g.syncInfo.zLoginCard && 0!=(z=(char*)P("x-f-l-c")) ){
	1318	+ /* x-f-l-c (X-Fossil-Login-Card card transmitted via cookie
	1319	+ ** instead of in the sync payload. */
1320	1320	rc \|= 0x04;
1321	1321	g.syncInfo.zLoginCard = fossil_strdup(z);
1322	1322	g.syncInfo.fLoginCardMode \|= 0x02;
1323		- cgi_delete_parameter("x-f-x-l");
	1323	+ cgi_delete_parameter("x-f-l-c");
1324	1324	}
1325	1325	return rc;
1326	1326	}
1327	1327
1328	1328	/*
1329	1329

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1286,11 +1286,11 @@
1286	** add_param_list() and, if found, applies its "skin" setting. Returns
1287	** 0 if no QUERY_STRING is set, else it returns a bitmask of:
1288	**
1289	** 0x01 = QUERY_STRING was set up
1290	** 0x02 = "skin" URL param arg was processed
1291	** 0x04 = "x-f-x-l" cookie arg was processed.
1292	**
1293	* In the case of the skin, the cookie may still need flushing
1294	** by the page, via cookie_render().
1295	*/
1296	int cgi_setup_query_string(void){
	@@ -1312,17 +1312,17 @@
1312	cgi_set_parameter_nocopy("udc", "1", 1);
1313	}
1314	fossil_free(zErr);
1315	}
1316	}
1317	if( !g.syncInfo.zLoginCard && 0!=(z=(char*)P("x-f-x-l")) ){
1318	/* X-Fossil-Xfer-Login card transmitted via cookie instead of in
1319	** the sync payload. */
1320	rc \|= 0x04;
1321	g.syncInfo.zLoginCard = fossil_strdup(z);
1322	g.syncInfo.fLoginCardMode \|= 0x02;
1323	cgi_delete_parameter("x-f-x-l");
1324	}
1325	return rc;
1326	}
1327
1328	/*
1329

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1286,11 +1286,11 @@
1286	** add_param_list() and, if found, applies its "skin" setting. Returns
1287	** 0 if no QUERY_STRING is set, else it returns a bitmask of:
1288	**
1289	** 0x01 = QUERY_STRING was set up
1290	** 0x02 = "skin" URL param arg was processed
1291	** 0x04 = "x-f-l-c" cookie arg was processed.
1292	**
1293	* In the case of the skin, the cookie may still need flushing
1294	** by the page, via cookie_render().
1295	*/
1296	int cgi_setup_query_string(void){
	@@ -1312,17 +1312,17 @@
1312	cgi_set_parameter_nocopy("udc", "1", 1);
1313	}
1314	fossil_free(zErr);
1315	}
1316	}
1317	if( !g.syncInfo.zLoginCard && 0!=(z=(char*)P("x-f-l-c")) ){
1318	/* x-f-l-c (X-Fossil-Login-Card card transmitted via cookie
1319	** instead of in the sync payload. */
1320	rc \|= 0x04;
1321	g.syncInfo.zLoginCard = fossil_strdup(z);
1322	g.syncInfo.fLoginCardMode \|= 0x02;
1323	cgi_delete_parameter("x-f-l-c");
1324	}
1325	return rc;
1326	}
1327
1328	/*
1329

M src/http.c

+5 -3

		--- src/http.c
		+++ src/http.c
		@@ -158,13 +158,15 @@
158	158	fossil_free(zEncoded);
159	159	}
160	160	blob_appendf(pHdr, "Host: %s\r\n", g.url.hostname);
161	161	blob_appendf(pHdr, "User-Agent: %s\r\n", get_user_agent());
162	162	if( g.url.isSsh ) blob_appendf(pHdr, "X-Fossil-Transport: SSH\r\n");
163		- if( nPayload>0 && pLogin && blob_size(pLogin) ){
164		- /* Add login card via a transient cookie. */
165		- blob_appendf(pHdr, "Cookie: x-f-x-l=%T\r\n", blob_str(pLogin));
	163	+ if( g.syncInfo.fLoginCardMode>0
	164	+ && nPayload>0 && pLogin && blob_size(pLogin) ){
	165	+ /* Add sync login card via a transient cookie. We can only do this
	166	+ if we know the remote supports it. */
	167	+ blob_appendf(pHdr, "Cookie: x-f-l-c=%T\r\n", blob_str(pLogin));
166	168	}
167	169	if( nPayload ){
168	170	if( zAltMimetype ){
169	171	blob_appendf(pHdr, "Content-Type: %s\r\n", zAltMimetype);
170	172	}else if( g.fHttpTrace ){
171	173

	--- src/http.c
	+++ src/http.c
	@@ -158,13 +158,15 @@
158	fossil_free(zEncoded);
159	}
160	blob_appendf(pHdr, "Host: %s\r\n", g.url.hostname);
161	blob_appendf(pHdr, "User-Agent: %s\r\n", get_user_agent());
162	if( g.url.isSsh ) blob_appendf(pHdr, "X-Fossil-Transport: SSH\r\n");
163	if( nPayload>0 && pLogin && blob_size(pLogin) ){
164	/* Add login card via a transient cookie. */
165	blob_appendf(pHdr, "Cookie: x-f-x-l=%T\r\n", blob_str(pLogin));


166	}
167	if( nPayload ){
168	if( zAltMimetype ){
169	blob_appendf(pHdr, "Content-Type: %s\r\n", zAltMimetype);
170	}else if( g.fHttpTrace ){
171

	--- src/http.c
	+++ src/http.c
	@@ -158,13 +158,15 @@
158	fossil_free(zEncoded);
159	}
160	blob_appendf(pHdr, "Host: %s\r\n", g.url.hostname);
161	blob_appendf(pHdr, "User-Agent: %s\r\n", get_user_agent());
162	if( g.url.isSsh ) blob_appendf(pHdr, "X-Fossil-Transport: SSH\r\n");
163	if( g.syncInfo.fLoginCardMode>0
164	&& nPayload>0 && pLogin && blob_size(pLogin) ){
165	/* Add sync login card via a transient cookie. We can only do this
166	if we know the remote supports it. */
167	blob_appendf(pHdr, "Cookie: x-f-l-c=%T\r\n", blob_str(pLogin));
168	}
169	if( nPayload ){
170	if( zAltMimetype ){
171	blob_appendf(pHdr, "Content-Type: %s\r\n", zAltMimetype);
172	}else if( g.fHttpTrace ){
173

M src/main.c

+1 -1

		--- src/main.c
		+++ src/main.c
		@@ -292,11 +292,11 @@
292	292	int bAvoidDeltaManifests; /* Avoid using delta manifests if true */
293	293
294	294	/* State for communicating specific details between the inbound HTTP
295	295	** header parser (cgi.c), xfer.c, and http.c. */
296	296	struct {
297		- char zLoginCard; / Inbound "x-f-x-l" Cookie header. */
	297	+ char zLoginCard; / Inbound "x-f-l-c" Cookie header. */
298	298	int fLoginCardMode; /* If non-0, emit login cards in outbound
299	299	** requests as a HTTP cookie instead of as
300	300	** part of the payload. Gets activated
301	301	** on-demand based on xfer traffic
302	302	** contents. Values, for
303	303

	--- src/main.c
	+++ src/main.c
	@@ -292,11 +292,11 @@
292	int bAvoidDeltaManifests; /* Avoid using delta manifests if true */
293
294	/* State for communicating specific details between the inbound HTTP
295	** header parser (cgi.c), xfer.c, and http.c. */
296	struct {
297	char zLoginCard; / Inbound "x-f-x-l" Cookie header. */
298	int fLoginCardMode; /* If non-0, emit login cards in outbound
299	** requests as a HTTP cookie instead of as
300	** part of the payload. Gets activated
301	** on-demand based on xfer traffic
302	** contents. Values, for
303

	--- src/main.c
	+++ src/main.c
	@@ -292,11 +292,11 @@
292	int bAvoidDeltaManifests; /* Avoid using delta manifests if true */
293
294	/* State for communicating specific details between the inbound HTTP
295	** header parser (cgi.c), xfer.c, and http.c. */
296	struct {
297	char zLoginCard; / Inbound "x-f-l-c" Cookie header. */
298	int fLoginCardMode; /* If non-0, emit login cards in outbound
299	** requests as a HTTP cookie instead of as
300	** part of the payload. Gets activated
301	** on-demand based on xfer traffic
302	** contents. Values, for
303

M src/xfer.c

+1 -1

		--- src/xfer.c
		+++ src/xfer.c
		@@ -1332,11 +1332,11 @@
1332	1332	if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
1333	1333	pzUuidList = &zUuidList;
1334	1334	pnUuidList = &nUuidList;
1335	1335	}
1336	1336	if( g.syncInfo.zLoginCard ){
1337		- /* Login card received via HTTP Cookie header "x-f-x-l" */
	1337	+ /* Login card received via HTTP Cookie header */
1338	1338	assert( g.syncInfo.fLoginCardMode && "Set via HTTP cookie" );
1339	1339	blob_zero(&xfer.line);
1340	1340	blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
1341	1341	xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
1342	1342	count(xfer.aToken));
1343	1343

	--- src/xfer.c
	+++ src/xfer.c
	@@ -1332,11 +1332,11 @@
1332	if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
1333	pzUuidList = &zUuidList;
1334	pnUuidList = &nUuidList;
1335	}
1336	if( g.syncInfo.zLoginCard ){
1337	/* Login card received via HTTP Cookie header "x-f-x-l" */
1338	assert( g.syncInfo.fLoginCardMode && "Set via HTTP cookie" );
1339	blob_zero(&xfer.line);
1340	blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
1341	xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
1342	count(xfer.aToken));
1343

	--- src/xfer.c
	+++ src/xfer.c
	@@ -1332,11 +1332,11 @@
1332	if( zScript ){ /* NOTE: Are TH1 transfer hooks enabled? */
1333	pzUuidList = &zUuidList;
1334	pnUuidList = &nUuidList;
1335	}
1336	if( g.syncInfo.zLoginCard ){
1337	/* Login card received via HTTP Cookie header */
1338	assert( g.syncInfo.fLoginCardMode && "Set via HTTP cookie" );
1339	blob_zero(&xfer.line);
1340	blob_append(&xfer.line, g.syncInfo.zLoginCard, -1);
1341	xfer.nToken = blob_tokenize(&xfer.line, xfer.aToken,
1342	count(xfer.aToken));
1343

Fossil SCM

Keyboard Shortcuts