Permalink
Browse files

Fix edge cases for domain :all option on cookie store

Dont set explicit domain for cookies if host is not a domain name

[#6002 state:committed]

Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
  • Loading branch information...
1 parent 875bbd5 commit ebc47465a5865ab91dc7d058d2d8a0cc961510d7 brainopia committed with vijaydev Dec 9, 2010
Showing with 26 additions and 2 deletions.
  1. +5 −2 actionpack/lib/action_dispatch/middleware/cookies.rb
  2. +21 −0 actionpack/test/dispatch/cookies_test.rb
@@ -131,8 +131,11 @@ def handle_options(options) #:nodoc:
options[:path] ||= "/"
if options[:domain] == :all
- @host =~ DOMAIN_REGEXP
- options[:domain] = ".#{$1}.#{$2}"
+ # if host is not ip and matches domain regexp
+ # (ip confirms to domain regexp so we explicitly check for ip)
+ options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ DOMAIN_REGEXP)
+ ".#{$1}.#{$2}"
+ end
end
end
@@ -295,6 +295,27 @@ def test_cookie_with_all_domain_option_using_host_with_port
assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
end
+ def test_cookie_with_all_domain_option_using_localhost
+ @request.host = "localhost"
+ get :set_cookie_with_domain
+ assert_response :success
+ assert_cookie_header "user_name=rizwanreza; path=/"
+ end
+
+ def test_cookie_with_all_domain_option_using_ipv4_address
+ @request.host = "192.168.1.1"
+ get :set_cookie_with_domain
+ assert_response :success
+ assert_cookie_header "user_name=rizwanreza; path=/"
+ end
+
+ def test_cookie_with_all_domain_option_using_ipv6_address
+ @request.host = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
+ get :set_cookie_with_domain
+ assert_response :success
+ assert_cookie_header "user_name=rizwanreza; path=/"
+ end
+
def test_deleting_cookie_with_all_domain_option
get :delete_cookie_with_domain
assert_response :success

0 comments on commit ebc4746

Please sign in to comment.