Skip to content

Commit

Permalink
Merge pull request rails#47087 from jhawthorn/cookie_domain
Browse files Browse the repository at this point in the history
Fix cookie domain for `domain: all` on two letter single level TLD
  • Loading branch information
jhawthorn committed Jan 25, 2023
1 parent c443466 commit 1e5011d
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 2 deletions.
4 changes: 2 additions & 2 deletions actionpack/lib/action_dispatch/middleware/cookies.rb
Original file line number Diff line number Diff line change
Expand Up @@ -454,8 +454,8 @@ def handle_options(options)
# Case where tld_length is not provided
else
# Regular TLDs
if !(/([^.]{2,3}\.[^.]{2})$/.match?(request.host))
cookie_domain = dot_splitted_host.last(2).join('.')
if !(/\.[^.]{2,3}\.[^.]{2}\z/.match?(request.host))
cookie_domain = dot_splitted_host.last(2).join(".")
# **.**, ***.** style TLDs like co.uk and com.au
else
cookie_domain = dot_splitted_host.last(3).join('.')
Expand Down
14 changes: 14 additions & 0 deletions actionpack/test/dispatch/cookies_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -1063,6 +1063,20 @@ def test_cookie_with_all_domain_option_using_uk_style_tld
assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/; SameSite=Lax"
end

def test_cookie_with_all_domain_option_using_two_letter_one_level_tld
@request.host = "hawth.ca"
get :set_cookie_with_domain
assert_response :success
assert_cookie_header "user_name=rizwanreza; domain=.hawth.ca; path=/; SameSite=Lax"
end

def test_cookie_with_all_domain_option_using_two_letter_one_level_tld_and_subdomain
@request.host = "x.hawth.ca"
get :set_cookie_with_domain
assert_response :success
assert_cookie_header "user_name=rizwanreza; domain=.hawth.ca; path=/; SameSite=Lax"
end

def test_cookie_with_all_domain_option_using_uk_style_tld_and_two_subdomains
@request.host = "x.nextangle.co.uk"
get :set_cookie_with_domain
Expand Down

0 comments on commit 1e5011d

Please sign in to comment.