Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Cookie not in this host's domain. #794

Closed
breezewish opened this issue Feb 3, 2014 · 11 comments
Closed

Error: Cookie not in this host's domain. #794

breezewish opened this issue Feb 3, 2014 · 11 comments

Comments

@breezewish
Copy link

Such kind of tough-cookie errors should be ignored, however currently they cause errors and break normal requesting.

For example, assume http://foo.bar.com returns headers like Set-Cookie: NAME=value; path=/; domain=hello.bar.com. It is an invalid cookie.
With the newest request module, this request will fail. I do not think this is a correct behaviour. These errors should be ignored.
@lalitkapoor
Copy link
Member

@stash thoughts?

@stash stash self-assigned this Feb 4, 2014
@stash
Copy link
Contributor

stash commented Feb 4, 2014

A cookie with domain=hello.bar.com with host foo.bar.com will get rejected per the RFC (and in pretty much every browser too, I'm fairly confident). In order to set a cookie, the domain= parameter must be either the same domain or a sub-domain of the current page.

@stash stash closed this as completed Feb 4, 2014
@breezewish
Copy link
Author

@stash Yes, but the point is, in this case tough-cookie will throw an error so the callback function of the whole request will get that error instead of HTMLs. However this kind of cookie issues should be something like warnings, which do not cause failures. Browsers indeed ignore wrong cookies, but they won't give an error page to users.

@lalitkapoor
Copy link
Member

@stash I agree with @breeswish on this. I don't think request should return an error here as a result of the server sending a bad cookie header.

We could let tough-cookie continue to throw an error because it's an invalid cookie and handle the error in this library (by ignoring it/not adding it to the jar). We could alternatively do somethings in tough-cookie, but I think I'd prefer the former.

@mikeal
Copy link
Member

mikeal commented Feb 5, 2014

it makes sense to me that tough-cookie could throw, or return an error, on bad input and request could just handle that bad input.

if we have to do a try/catch remember that it has performance implications and opts out of any inlining inside the try/catch block.

@lalitkapoor
Copy link
Member

Note: the setCookie method has an option to ignore errors like these:

ignoreError - boolean - default false - silently ignore things like parse errors and invalid domains. CookieStore errors aren't ignored by this option.

I'll whip up a pr for this.

@lalitkapoor lalitkapoor mentioned this issue Feb 6, 2014
Merged
@stash
Copy link
Contributor

stash commented Feb 6, 2014

Apologies; i guess i misread the issue. Yes, I agree that the HTTP request itself should fail; it makes complete sense to ignore the cookie error (and just discard the set-cookie).

@stash
Copy link
Contributor

stash commented Feb 6, 2014

argh i mean "request itself should not fail"

@lalitkapoor
Copy link
Member

@breeswish I pushed an update to the master branch to address this. Can you tell me if you continue to experience this problem? (you'll have to pull it down - not npm install). I'd really appreciate it. Thanks! :)

@breezewish
Copy link
Author

@lalitkapoor Fascinating! It seems OK. Great work!

@fabiante fabiante mentioned this issue Jul 29, 2019
Closed
@jtara1
Copy link

jtara1 commented Oct 7, 2019

what would be the default domain if domain wasn't specified in the response cookie string

> jar.setCookie(req.cookie('abcaaa=aaa'))
Cookie="abcaaa=aaa; Path=/; hostOnly=true; aAge=0ms; cAge=0ms"
> jar.getCookieString()
''

krushiraj added a commit to krushiraj/fetch-cookie that referenced this issue Jun 2, 2020
@krushiraj
feat: allow errors from setCookie to be ignored
076da0b 
Refer this: request/request#794

This is an error from tough cookie and they allow us to ignore errors. Sometimes we don't wanna stop the request when there is an error in cookie setting.

So, now we can allow user to ignore or raise error in setCookie. This will be helpful as most of use this package to fetch body from a request and we don't want to end up with an error when there is something wrong in setCookie.
@krushiraj krushiraj mentioned this issue Jun 2, 2020
Closed
krushiraj added a commit to krushiraj/fetch-cookie that referenced this issue Jun 2, 2020
@krushiraj
feat: allow errors from setCookie to be ignored
55167f1 
Refer this: request/request#794

This is an error from tough cookie and they allow us to ignore errors. Sometimes we don't wanna stop the request when there is an error in cookie setting.

So, now we can allow user to ignore or raise error in setCookie. This will be helpful as most of use this package to fetch body from a request and we don't want to end up with an error when there is something wrong in setCookie.
@krushiraj krushiraj mentioned this issue Jun 2, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mikeal @stash @lalitkapoor @breezewish @jtara1