You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using requests to access an API hosted on an application server we noticed that cookies were not added to the cookie jar in the session.
It seems that after an upgrade to the application server framework it adds a domain=; cookie-attribute to the cookies in the response.
The issue is that the set_ok_domain function from the DefaultCookiePolicy from the cookiejar library does not allow a mismatch between request host and cookie domain.
In this code snippet below, the set_ok method has been overridden to always return True, effectively allowing any cookie to be set regardless of the request host and cookie domain match.
It's important to keep in mind that this should not be used in production.
You can however verify that it is indeed the DefaultCookiePolicy, which prevents such use-cases, as the empty string in the domain.
Using requests to access an API hosted on an application server we noticed that cookies were not added to the cookie jar in the session.
It seems that after an upgrade to the application server framework it adds a
domain=;
cookie-attribute to the cookies in the response.Expected Result
The cookie to be added to the jar
Actual Result
The cookie is dropped.
Reproduction Steps
Requirements:
PyHamcrest==2.0.2
requests==2.28.1
System Information
The text was updated successfully, but these errors were encountered: