cur_domain is effectively equivalent to '.' + cur_domain and therefor…

…e negates the effect of wild_domain
Pylons · May 29, 2020 · 942c6c0 · 942c6c0
1 parent 412fade
commit 942c6c0
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 8 deletions.
diff --git a/src/pyramid/authentication.py b/src/pyramid/authentication.py
@@ -1035,8 +1035,8 @@ def _get_cookies(self, request, value, max_age=None):
                 domains.append('.' + cur_domain.split('.', 1)[1])
             else:
                 domains.append(None)
-                domains.append(cur_domain)
                 if self.wild_domain:
+                    domains.append(cur_domain)
                     domains.append('.' + cur_domain)
 
         profile = self.cookie_profile(request)

diff --git a/tests/test_authentication.py b/tests/test_authentication.py
@@ -1177,18 +1177,12 @@ def test_remember_wild_domain_disabled(self):
         helper = self._makeOne('secret', wild_domain=False)
         request = self._makeRequest()
         result = helper.remember(request, 'other')
-        self.assertEqual(len(result), 2)
+        self.assertEqual(len(result), 1)
 
         self.assertEqual(result[0][0], 'Set-Cookie')
         self.assertTrue(result[0][1].endswith('; Path=/; SameSite=Lax'))
         self.assertTrue(result[0][1].startswith('auth_tkt='))
 
-        self.assertEqual(result[1][0], 'Set-Cookie')
-        self.assertTrue(
-            result[1][1].endswith('; Domain=localhost; Path=/; SameSite=Lax')
-        )
-        self.assertTrue(result[1][1].startswith('auth_tkt='))
-
     def test_remember_parent_domain(self):
         helper = self._makeOne('secret', parent_domain=True)
         request = self._makeRequest()