Merge pull request #343 from dreid/dreid/fix-cookie-scoping-for-https

Fix cookie scoping for HTTPS urls.
twisted · Feb 8, 2022 · 226ed2d · 226ed2d
2 parents da889ea + 7661b63
commit 226ed2d
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 3 deletions.
diff --git a/src/treq/client.py b/src/treq/client.py
@@ -60,7 +60,7 @@ def _scoped_cookiejar_from_dict(url_object, cookie_dict):
             (url_object.scheme == "https" and url_object.port == 443)
             or (url_object.scheme == "http" and url_object.port == 80)
         )
-        port = str(url_object.port)
+        port = str(url_object.port) if port_specified else None
         domain = url_object.host
         netscape_domain = domain if '.' in domain else domain + '.local'
 

diff --git a/src/treq/test/test_testing.py b/src/treq/test/test_testing.py
@@ -327,10 +327,10 @@ def test_session_persistence_between_requests(self):
         sid_4 = self.successResultOf(resp.content())
         self.assertEqual(sid_3, sid_4)
 
-    def test_different_domains(self):
+    def test_cookies_not_sent_to_different_domains(self):
         """
         Cookies manually specified as part of a dictionary are not relayed
-        through redirects.
+        through redirects to different domains.
 
         (This is really more of a test for scoping of cookies within treq
         itself, rather than just for testing.)
@@ -345,6 +345,50 @@ def test_different_domains(self):
         received = self.successResultOf(resp.json())
         self.assertNotIn('not-across-redirect', received.get('Cookie', [''])[0])
 
+    def test_cookies_sent_for_same_domain(self):
+        """
+        Cookies manually specified as part of a dictionary are relayed
+        through redirects to the same domain.
+
+        (This is really more of a test for scoping of cookies within treq
+        itself, rather than just for testing.)
+        """
+        rsrc = _RedirectResource()
+        stub = StubTreq(rsrc)
+        d = stub.request(
+            "GET", "https://example.org/",
+            cookies={'sent-to-same-domain': 'yes'}
+        )
+        resp = self.successResultOf(d)
+        received = self.successResultOf(resp.json())
+        self.assertIn('sent-to-same-domain', received.get('Cookie', [''])[0])
+
+    def test_cookies_sent_with_explicit_port(self):
+        """
+        Cookies will be sent for URLs that specify a non-default port for their scheme.
+
+        (This is really more of a test for scoping of cookies within treq
+        itself, rather than just for testing.)
+        """
+        rsrc = _RedirectResource()
+        stub = StubTreq(rsrc)
+
+        d = stub.request(
+            "GET", "http://example.org:8080/redirected",
+            cookies={'sent-to-non-default-port': 'yes'}
+        )
+        resp = self.successResultOf(d)
+        received = self.successResultOf(resp.json())
+        self.assertIn('sent-to-non-default-port', received.get('Cookie', [''])[0])
+
+        d = stub.request(
+            "GET", "https://example.org:8443/redirected",
+            cookies={'sent-to-non-default-port': 'yes'}
+        )
+        resp = self.successResultOf(d)
+        received = self.successResultOf(resp.json())
+        self.assertIn('sent-to-non-default-port', received.get('Cookie', [''])[0])
+
 
 class HasHeadersTests(TestCase):
     """