Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
I am using request (which uses tough-cookie) to test a web app that is hosted on a domain ending with a .local suffix (ex: http://foo.bar.local). Once the app's server receives a GET request, it sends back a redirect status with a set-cookie header along with authentication cookies. Each containing a .bar.local domain. When the client responds to the redirect, it attempts to put the stored cookies in the response header. This fails as the permuteDomain function (permuteDomain.js) calls the psl.get(domain) method in order to obtain the public suffix of the current page (in this case foo.bar.local). This method returns null when it is passed a domain ending in .local. This causes permuteDomain to set the list of permutations to contain foo.bar.local as the only permutation in this list. Consequently, the cookies fail to be added to the response header in the MemoryCookieStore.findCookies method.
Testing on a .local domain is fairly commonplace and, correct me if I am wrong, but .local is considered public suffix. If the rejectPublicSuffixes option is initially set to false, shouldn't .local domains be allowed as well? This boolean could be passed down to findCookies and permuteDomain, allowing the function to find the permutations of domains ending with a .local suffix. I would be happy to implement this and submit a PR.