Merge pull request #47087 from jhawthorn/cookie_domain

Fix cookie domain for `domain: all` on two letter single level TLD
rails · Jan 24, 2023 · f6e36c9 · f6e36c9
2 parents 03082f3 + 941e0cd
commit f6e36c9
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -461,7 +461,7 @@ def handle_options(options)
             # Case where tld_length is not provided
             else
               # Regular TLDs
-              if !(/([^.]{2,3}\.[^.]{2})$/.match?(request.host))
+              if !(/\.[^.]{2,3}\.[^.]{2}\z/.match?(request.host))
                 cookie_domain = dot_splitted_host.last(2).join(".")
               # **.**, ***.** style TLDs like co.uk and com.au
               else

diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
@@ -1153,6 +1153,20 @@ def test_cookie_with_all_domain_option_using_uk_style_tld
     assert_set_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/; SameSite=Lax"
   end
 
+  def test_cookie_with_all_domain_option_using_two_letter_one_level_tld
+    @request.host = "hawth.ca"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_set_cookie_header "user_name=rizwanreza; domain=.hawth.ca; path=/; SameSite=Lax"
+  end
+
+  def test_cookie_with_all_domain_option_using_two_letter_one_level_tld_and_subdomain
+    @request.host = "x.hawth.ca"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_set_cookie_header "user_name=rizwanreza; domain=.hawth.ca; path=/; SameSite=Lax"
+  end
+
   def test_cookie_with_all_domain_option_using_uk_style_tld_and_two_subdomains
     @request.host = "x.nextangle.co.uk"
     get :set_cookie_with_domain