Ignore leading dot when merging cookies

Most recent specification states that leading dots are ignored by user agents: https://httpwg.org/specs/rfc6265.html#sane-domain
rack · Feb 2, 2023 · 70f4db2 · 70f4db2
1 parent 73c7174
commit 70f4db2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/lib/rack/test/cookie_jar.rb b/lib/rack/test/cookie_jar.rb
@@ -30,8 +30,9 @@ def initialize(raw, uri = nil, default_host = DEFAULT_HOST)
         @name, @value = parse_query(@raw, ';').to_a.first
         @options = parse_query(options, ';')
 
-        if @options['domain']
+        if domain = @options['domain']
           @exact_domain_match = false
+          domain[0] = '' if domain[0] == '.'
         else
           # If the domain attribute is not present in the cookie,
           # the domain must match exactly.

diff --git a/spec/rack/test/cookie_jar_spec.rb b/spec/rack/test/cookie_jar_spec.rb
@@ -17,6 +17,12 @@
     jar_clone.to_hash.must_be_empty
   end
 
+  it 'ignores leading dot in domain' do
+    jar = Rack::Test::CookieJar.new
+    jar << Rack::Test::Cookie.new('a=c; domain=.lithostech.com', URI('https://lithostech.com'))
+    jar.get_cookie('a').domain.must_equal 'lithostech.com'
+  end
+
   it '#[] and []= should get and set cookie values' do
     jar = Rack::Test::CookieJar.new
     jar[cookie_name].must_be_nil