This release fixes inherited cookie domain validation behavior that accepted substring matches instead of RFC-style domain matches.
Fixed
- Android now rejects invalid cookie domains such as
example.comforhttps://notexample.com. - iOS uses the same exact-or-parent-domain validation when setting cookies.
- Domain validation remains case-insensitive and continues to allow exact hosts and valid parent domains.
Tests
- Added Swift regression coverage for substring domain mismatches such as
notexample.comandbadexample.com.
Fixes #3