From cd754f7eea83fc10faff824deab69dd8a1937f48 Mon Sep 17 00:00:00 2001 From: dreid Date: Tue, 8 Feb 2022 08:55:48 -0800 Subject: [PATCH] Fix cookie scoping for HTTPS urls. If Cookie.port is specified not None then CookieJar will attempt to compare it to the port for the Request object by first parsing it out of `Request.host` and if there is no port specified there falling back to the `DEFAULT_HTTP_PORT` value of 80. This caused cookies to never be sent for HTTPS domains because the Cookie.port was set to 443, and the _FakeUrllib2Request.host did not contain the default port value. I've also added a test to make sure non-default port values work properly. --- src/treq/client.py | 2 +- src/treq/test/test_testing.py | 48 +++++++++++++++++++++++++++++++++-- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/src/treq/client.py b/src/treq/client.py index 0d0c52c8..1b09fb0b 100644 --- a/src/treq/client.py +++ b/src/treq/client.py @@ -60,7 +60,7 @@ def _scoped_cookiejar_from_dict(url_object, cookie_dict): (url_object.scheme == "https" and url_object.port == 443) or (url_object.scheme == "http" and url_object.port == 80) ) - port = str(url_object.port) + port = str(url_object.port) if port_specified else None domain = url_object.host netscape_domain = domain if '.' in domain else domain + '.local' diff --git a/src/treq/test/test_testing.py b/src/treq/test/test_testing.py index 1d30f9ad..df1369c2 100644 --- a/src/treq/test/test_testing.py +++ b/src/treq/test/test_testing.py @@ -327,10 +327,10 @@ def test_session_persistence_between_requests(self): sid_4 = self.successResultOf(resp.content()) self.assertEqual(sid_3, sid_4) - def test_different_domains(self): + def test_cookies_not_sent_to_different_domains(self): """ Cookies manually specified as part of a dictionary are not relayed - through redirects. + through redirects to different domains. (This is really more of a test for scoping of cookies within treq itself, rather than just for testing.) @@ -345,6 +345,50 @@ def test_different_domains(self): received = self.successResultOf(resp.json()) self.assertNotIn('not-across-redirect', received.get('Cookie', [''])[0]) + def test_cookies_sent_for_same_domain(self): + """ + Cookies manually specified as part of a dictionary are relayed + through redirects to the same domain. + + (This is really more of a test for scoping of cookies within treq + itself, rather than just for testing.) + """ + rsrc = _RedirectResource() + stub = StubTreq(rsrc) + d = stub.request( + "GET", "https://example.org/", + cookies={'sent-to-same-domain': 'yes'} + ) + resp = self.successResultOf(d) + received = self.successResultOf(resp.json()) + self.assertIn('sent-to-same-domain', received.get('Cookie', [''])[0]) + + def test_cookies_sent_with_explicit_port(self): + """ + Cookies will be sent for URLs that specify a non-default port for their scheme. + + (This is really more of a test for scoping of cookies within treq + itself, rather than just for testing.) + """ + rsrc = _RedirectResource() + stub = StubTreq(rsrc) + + d = stub.request( + "GET", "http://example.org:8080/redirected", + cookies={'sent-to-non-default-port': 'yes'} + ) + resp = self.successResultOf(d) + received = self.successResultOf(resp.json()) + self.assertIn('sent-to-non-default-port', received.get('Cookie', [''])[0]) + + d = stub.request( + "GET", "https://example.org:8443/redirected", + cookies={'sent-to-non-default-port': 'yes'} + ) + resp = self.successResultOf(d) + received = self.successResultOf(resp.json()) + self.assertIn('sent-to-non-default-port', received.get('Cookie', [''])[0]) + class HasHeadersTests(TestCase): """