
Allow for any possible TLD when using the :all option with the cookie…

… session store. This works for subdomain.mysite.local, google.co.uk, google.com.au, etc. [#5147 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
commit fd78bb727045547371179428886c9b262d66091d 1 parent ada8c66
Bryce Thornton brycethornton authored josevalim committed
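--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -69,16 +69,26 @@ class CookieOverflow < StandardError; end
 
 class CookieJar < Hash #:nodoc:
 
-# This regular expression is used to split the levels of a domain
-# So www.example.co.uk gives:
-# $1 => www.
-# $2 => example
-# $3 => co.uk
-DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
+# This regular expression is used to split the levels of a domain.
+# The top level domain can be any string without a period or
+# **.**, ***.** style TLDs like co.uk or com.au
+#
+# www.example.co.uk gives:
+# $1 => example
+# $2 => co.uk
+#
+# example.com gives:
+# $1 => example
+# $2 => com
+#
+# lots.of.subdomains.example.local gives:
+# $1 => example
+# $2 => local
+DOMAIN_REGEXP = /([^.]*)\.([^.]*|..\...|...\...)$/
 
 def self.build(request)
 secret = request.env[TOKEN_KEY]
-host = request.env["HTTP_HOST"]
+host = request.host
 
 new(secret, host).tap do |hash|
 hash.update(request.cookies)
@@ -104,7 +114,7 @@ def handle_options(options) #:nodoc:
 
 if options[:domain] == :all
 @host =~ DOMAIN_REGEXP
-options[:domain] = ".#{$2}.#{$3}"
+options[:domain] = ".#{$1}.#{$2}"
 end
 end
 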
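Review bot: In `handle_options` the result of `@host =~ DOMAIN_REGEXP` is never checked, so a host with no dot (constructed example: `localhost`) leaves `$1` and `$2` nil and the cookie domain is written as `..`. Assign only when the match succeeds, `if @host =~ DOMAIN_REGEXP` then `options[:domain] = ".#{$1}.#{$2}"`, and otherwise `options.delete(:domain)` so the cookie stays host-only. The new pattern is also a length heuristic rather than a public-suffix lookup: a multi-label suffix that is not shaped `xx.xx` or `xxx.xx` ends up as the cookie domain itself, which would scope the session cookie to a suffix shared with unrelated sites wherever the browser does not reject it. Because `request.host` is derived from a client-supplied header, ending the pattern with `\z` instead of `$` would be the stricter choice. `handle_options` begins outside the hunk.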
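--- a/actionpack/test/dispatch/cookies_test.rb
+++ b/actionpack/test/dispatch/cookies_test.rb
@@ -232,6 +232,34 @@ def test_cookie_with_all_domain_option
 assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com; path=/"
 end
 
+def test_cookie_with_all_domain_option_using_a_non_standard_tld
+@request.host = "two.subdomains.nextangle.local"
+get :set_cookie_with_domain
+assert_response :success
+assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
+end
+
+def test_cookie_with_all_domain_option_using_australian_style_tld
+@request.host = "nextangle.com.au"
+get :set_cookie_with_domain
+assert_response :success
+assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com.au; path=/"
+end
+
+def test_cookie_with_all_domain_option_using_uk_style_tld
+@request.host = "nextangle.co.uk"
+get :set_cookie_with_domain
+assert_response :success
+assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/"
+end
+
+def test_cookie_with_all_domain_option_using_host_with_port
+@request.host = "nextangle.local:3000"
+get :set_cookie_with_domain
+assert_response :success
+assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
+end
+
 def test_deleting_cookie_with_all_domain_option
 get :delete_cookie_with_domain
 assert_response :success
@@ -247,4 +275,4 @@ def assert_cookie_header(expected)
 assert_equal expected.split("\n"), header
 end
 end
-end
+end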
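Review bot: The `co.uk` and `com.au` tests use hosts with no subdomain, so nothing here checks that a subdomain is stripped when the TLD has two parts; a case such as `@request.host = "www.nextangle.co.uk"` expecting `domain=.nextangle.co.uk` would cover that. There is also no test for a short registrable label under a two-letter TLD: by my reading of `DOMAIN_REGEXP`, a constructed host like `www.abc.de` matches the `...\...` alternative and yields `domain=.www.abc.de`, so the cookie would not be shared across subdomains as `:all` promises. A single-label host with no dot is likewise untested, and pinning the expected header for it would document what `:all` should do when the pattern does not match.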
