diff options
| author | bptato <nincsnevem662@gmail.com> | 2025-05-02 17:40:10 +0200 |
|---|---|---|
| committer | bptato <nincsnevem662@gmail.com> | 2025-05-02 17:45:22 +0200 |
| commit | 60e4fab0d304d986c9cd0005cd51fcddf92ced5f (patch) | |
| tree | 859c70ab94c9499d75d632df0f2567e36c5d6b41 | |
| parent | aa4cf462c977c7139ece96eb91852bd34756e7d3 (diff) | |
| download | chawan-60e4fab0d304d986c9cd0005cd51fcddf92ced5f.tar.gz | |
cookie: do not match port in Domain
That's how cookies *should have* worked, not how they actually work.
| -rw-r--r-- | src/config/cookie.nim | 14 | ||||
| -rw-r--r-- | test/net/cookie.http | 4 |
2 files changed, 10 insertions, 8 deletions
diff --git a/src/config/cookie.nim b/src/config/cookie.nim index 672f194b..964c5f1b 100644 --- a/src/config/cookie.nim +++ b/src/config/cookie.nim @@ -147,12 +147,12 @@ func cookiePathMatches(cookiePath, requestPath: string): bool = func cookieDomainMatches(cookieDomain: string; url: URL): bool = if cookieDomain.len == 0: return false - let host = url.host if url.isIP(): - return host == cookieDomain - if host.endsWith(cookieDomain) and host.len >= cookieDomain.len: - return host.len == cookieDomain.len or - host[host.len - cookieDomain.len - 1] == '.' + return url.hostname == cookieDomain + if url.hostname.endsWith(cookieDomain) and + url.hostname.len >= cookieDomain.len: + return url.hostname.len == cookieDomain.len or + url.hostname[url.hostname.len - cookieDomain.len - 1] == '.' return false proc add(cookieJar: CookieJar; cookie: Cookie; parseMode = false, @@ -187,7 +187,7 @@ proc serialize*(cookieJar: CookieJar; url: URL): string = continue if not cookiePathMatches(cookie.path, url.pathname): continue - if cookie.hostOnly and cookie.domain != url.host: + if cookie.hostOnly and cookie.domain != url.hostname: continue if not cookie.hostOnly and not cookieDomainMatches(cookie.domain, url): continue @@ -251,7 +251,7 @@ proc parseSetCookie(str: string; t: int64; url: URL; persist: bool): cookie.domain = move(domain) cookie.hostOnly = false if cookie.hostOnly: - cookie.domain = url.host + cookie.domain = url.hostname if not hasPath: cookie.path = defaultCookiePath(url) if cookie.expires < 0: diff --git a/test/net/cookie.http b/test/net/cookie.http index d0abe683..c02f7efa 100644 --- a/test/net/cookie.http +++ b/test/net/cookie.http @@ -8,6 +8,8 @@ Set-Cookie: test5=; Domain=test.example Set-Cookie: test6=hi; Max-Age=9223372036854775807 Set-Cookie: test7=hi; Expires=Mon 0 Jan 1999 20:30:00 GMT Set-Cookie: test8=hi; Expires=Mon, 31 Feb 1999 20:30:00 GMT +Set-Cookie: test10=invalid; Domain=localhost:12345 +Set-Cookie: test11=valid; Domain=localhost <link rel=stylesheet href=cookie.css.http> <div id=x>Fail</div> @@ -19,6 +21,6 @@ x.open("GET", "headers", false); x.overrideMimeType("text/plain"); x.send(); const cookie = x.responseText.split('\n').find(x => x.startsWith("cookie:")); -assertEquals(cookie.split(': ').pop(), "test=asdfasdf; SID=31d4d96e407aad42; test3=x; test4=y; test6=hi; test7=hi; test8=hi; test9=css"); +assertEquals(cookie.split(': ').pop(), "test=asdfasdf; SID=31d4d96e407aad42; test3=x; test4=y; test6=hi; test7=hi; test8=hi; test11=valid; test9=css"); document.getElementById("x").textContent = "Success"; </script> |