Hi Julian, On Mon, Apr 27, 2026 at 11:30:06PM +0200, Julian Jørgensen wrote:
Hi Dillo devs,
Thanks for a great browser :-). I'm having great fun using it for accessing smaller sites. However, I might have found a minor issue with the way it handles cookies. I'm not very familiar with browser, so the problem is most likely on the site I'm trying to access.
I use this pretty popular search engine called kagi.com. They have a html mode, which I enjoy testing in browsers like Dillo. The problem is that their session cookie is saved with an empty domain like so: `Domain=;`.
As far as I can understand from [1], it seems that this should result in Dillo (the user agent?) ignoring this key/value pair. However, Dillo will parse the domain as "", which will fail the domain/host verification later in the program.
I have attached a git formatted patch to demonstrate the issue. After applying this change, the kagi.com page works like I would expect.
Thanks for the patch, it seems to work as intended. I also think that ignoring the key/value is the right interpretation from: https://www.rfc-editor.org/rfc/rfc6265#section-5.2.3
If the attribute-value is empty, the behavior is undefined. However, the user agent SHOULD ignore the cookie-av entirely.
I will merge it after fixing the cookies unit test, so I can add extra cases for empty domains. Best, Rodrigo.