You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm to set domain for cookies with preceding dot, for example ".example.com". On server I specify domain as ".example.com" and it sends proper headers.
I use aiohttp server, so I write tests using plugin for pytest. When testing I found that preceding dot is stripped from cookie domain when you check it using `response.cookies[<cookie_name>].domain. I've tried the same using aiohttp client and found that it has the same issue.
You can see that client receives "Set-Cookie" header with domain ".example.com", but when accessing it using response.cookies the cookie has domain "example.com".
Your environment
Python 3.7.2
ArchLinux
aiohttp==3.5.4
The text was updated successfully, but these errors were encountered:
Long story short
I'm to set domain for cookies with preceding dot, for example ".example.com". On server I specify domain as ".example.com" and it sends proper headers.
I use aiohttp server, so I write tests using plugin for pytest. When testing I found that preceding dot is stripped from cookie domain when you check it using `response.cookies[<cookie_name>].domain. I've tried the same using aiohttp client and found that it has the same issue.
The leading dot in browser allows all subdomains to access cookie, while without it subdomain can't access cookies. This was found by testing browsers, despite what is said here - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
Expected behaviour
Cookies in response cookie to not strip leading dot from domain name.
Actual behaviour
Preceding dots are striped from domain names in response.cookies.
Steps to reproduce
Test code bellow.
Server:
When receives request it outputs:
Client:
When run it outputs:
You can see that client receives "Set-Cookie" header with domain ".example.com", but when accessing it using response.cookies the cookie has domain "example.com".
Your environment
Python 3.7.2
ArchLinux
aiohttp==3.5.4
The text was updated successfully, but these errors were encountered: