From a5b40be00507b0f174df9c981cdf99a24a4a2278 Mon Sep 17 00:00:00 2001
From: Antoine Toulme <antoine@lunar-ocean.com>
Date: Thu, 6 Jun 2024 21:25:23 -0700
Subject: [PATCH] use publicsuffix

---
 config/confighttp/README.md          |  3 +++
 config/confighttp/confighttp.go      | 12 +++++++++++-
 config/confighttp/confighttp_test.go |  2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/config/confighttp/README.md b/config/confighttp/README.md
index 897919a3388..41132857549 100644
--- a/config/confighttp/README.md
+++ b/config/confighttp/README.md
@@ -36,6 +36,9 @@ README](../configtls/README.md).
 - [`http2_ping_timeout`](https://pkg.go.dev/golang.org/x/net/http2#Transport)
 - [`cookies`](https://pkg.go.dev/net/http#CookieJar)
   - [`enabled`] if enabled, the client will store cookies from server responses and reuse them in subsequent requests.
+  - [`insecure`] if true, the client accepts setting cookies for any domain. This is useful for testing but is insecure:
+    it means that the HTTP server for foo.co.uk can set a cookie for bar.co.uk.
+    If false, the client will allow setting cookies based on the list provided by https://publicsuffix.org/
 
 Example:
 
diff --git a/config/confighttp/confighttp.go b/config/confighttp/confighttp.go
index cf542efb525..8b0a61e1777 100644
--- a/config/confighttp/confighttp.go
+++ b/config/confighttp/confighttp.go
@@ -19,6 +19,7 @@ import (
 	"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
 	"go.opentelemetry.io/otel"
 	"golang.org/x/net/http2"
+	"golang.org/x/net/publicsuffix"
 
 	"go.opentelemetry.io/collector/component"
 	"go.opentelemetry.io/collector/config/configauth"
@@ -112,6 +113,10 @@ type ClientConfig struct {
 type CookiesConfig struct {
 	// Enabled if true, cookies from HTTP responses will be reused in further HTTP requests with the same server.
 	Enabled bool `mapstructure:"enabled"`
+	// Insecure if true, the client accepts setting cookies for any domain. This is useful for testing but is insecure:
+	// it means that the HTTP server for foo.co.uk can set a cookie for bar.co.uk.
+	// If false, the client will allow setting cookies based on the list provided by https://publicsuffix.org/
+	Insecure bool `mapstructure:"insecure"`
 }
 
 // NewDefaultClientConfig returns ClientConfig type object with
@@ -242,7 +247,12 @@ func (hcs *ClientConfig) ToClient(ctx context.Context, host component.Host, sett
 
 	var jar http.CookieJar
 	if hcs.Cookies != nil && hcs.Cookies.Enabled {
-		jar, err = cookiejar.New(nil)
+		opts := &cookiejar.Options{}
+		if !hcs.Cookies.Insecure {
+			opts.PublicSuffixList = publicsuffix.List
+		}
+
+		jar, err = cookiejar.New(opts)
 		if err != nil {
 			return nil, err
 		}
diff --git a/config/confighttp/confighttp_test.go b/config/confighttp/confighttp_test.go
index dfce5e97c68..510d6e490f6 100644
--- a/config/confighttp/confighttp_test.go
+++ b/config/confighttp/confighttp_test.go
@@ -83,7 +83,7 @@ func TestAllHTTPClientSettings(t *testing.T) {
 				IdleConnTimeout:      &idleConnTimeout,
 				Compression:          "",
 				DisableKeepAlives:    true,
-				Cookies:              &CookiesConfig{Enabled: true},
+				Cookies:              &CookiesConfig{Enabled: true, Insecure: true},
 				HTTP2ReadIdleTimeout: idleConnTimeout,
 				HTTP2PingTimeout:     http2PingTimeout,
 			},