Skip to content
This repository has been archived by the owner on Jan 5, 2024. It is now read-only.

Support deeper levels of subdomains from RFC 6265 #35

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Support deeper levels of subdomains from RFC 6265 #35

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions cookiejar.gemspec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ Gem::Specification.new do |s|
s.rdoc_options = ['--title', 'CookieJar -- Client-side HTTP Cookies']
s.require_paths = ['lib']

s.add_dependency 'public_suffix', '~> 4.0'
s.add_development_dependency 'rake', '>= 10.0', '< 13'
s.add_development_dependency 'rspec-collection_matchers', '~> 1.0'
s.add_development_dependency 'rspec', '~> 3.0'
Expand Down
10 changes: 6 additions & 4 deletions lib/cookiejar/cookie_validation.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
# frozen_string_literal: true
require 'cgi'
require 'uri'
require 'public_suffix'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.


module CookieJar
# Represents a set of cookie validation errors
Expand Down Expand Up @@ -107,7 +108,7 @@ def self.hostname_reach(hostname)
host = to_domain hostname
host = host.downcase
match = BASE_HOSTNAME.match host
match[1] if match
match[1] if match && (PublicSuffix.valid?(match[1]) || match[1] == 'local')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Metrics/LineLength: Line is too long. [81/80]

end

# Compute the base of a path, for default cookie path assignment
Expand Down Expand Up @@ -161,10 +162,11 @@ def self.compute_search_domains(request_uri)
def self.compute_search_domains_for_host(host)
host = effective_host host
result = [host]
unless host =~ IPADDR
return result if host =~ IPADDR
loop do
result << ".#{host}"
base = hostname_reach host
result << ".#{base}" if base
host = hostname_reach(host)
break unless host
end
result
end
Expand Down
19 changes: 11 additions & 8 deletions spec/cookie_validation_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,6 @@
Cookie.from_set_cookie 'http://www.foo.com/', 'foo=bar;domain=bar.com'
end).to raise_error InvalidCookieError
end
it 'should fail for domains more than one level up' do
expect(lambda do
Cookie.from_set_cookie 'http://x.y.z.com/', 'foo=bar;domain=z.com'
end).to raise_error InvalidCookieError
end
it 'should fail for setting subdomain cookies' do
expect(lambda do
Cookie.from_set_cookie 'http://foo.com/', 'foo=bar;domain=auth.foo.com'
Expand Down Expand Up @@ -111,7 +106,7 @@
describe '#compute_search_domains' do
it 'should handle subdomains' do
expect(CookieValidation.compute_search_domains('http://www.auth.foo.com/')).to eq(
['www.auth.foo.com', '.www.auth.foo.com', '.auth.foo.com'])
['www.auth.foo.com', '.www.auth.foo.com', '.auth.foo.com', '.foo.com'])
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Layout/MultilineMethodCallBraceLayout: Closing method call brace must be on the line after the last argument when opening brace is on a separate line from the first argument.

end
it 'should handle root domains' do
expect(CookieValidation.compute_search_domains('http://foo.com/')).to eq(
Expand All @@ -129,6 +124,10 @@
expect(CookieValidation.compute_search_domains('http://zero/')).to eq(
['zero.local', '.zero.local', '.local'])
end
it 'should handle multi-part tlds' do
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

expect(CookieValidation.compute_search_domains('http://foo.co.nz/')).to eq(
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Metrics/LineLength: Line is too long. [81/80]

['foo.co.nz', '.foo.co.nz'])
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Layout/MultilineMethodCallBraceLayout: Closing method call brace must be on the line after the last argument when opening brace is on a separate line from the first argument.

end
end
describe '#determine_cookie_domain' do
it 'should add a dot to the front of domains' do
Expand Down Expand Up @@ -190,9 +189,10 @@
it 'should handle matching a superdomain' do
expect(CookieValidation.domains_match('.foo.com', 'auth.foo.com')).to eq '.foo.com'
expect(CookieValidation.domains_match('.y.z.foo.com', 'x.y.z.foo.com')).to eq '.y.z.foo.com'
expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to eq '.z.foo.com'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.
Metrics/LineLength: Line is too long. [94/80]

end
it 'should not match superdomains, or illegal domains' do
expect(CookieValidation.domains_match('.z.foo.com', 'x.y.z.foo.com')).to be_nil
it 'should not match tlds, or illegal domains' do
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

expect(CookieValidation.domains_match('.com', 'x.y.z.foo.com')).to be_nil
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

expect(CookieValidation.domains_match('foo.com', 'com')).to be_nil
end
it 'should not match domains with and without a dot suffix together' do
Expand All @@ -211,6 +211,9 @@
it 'should return nil for a root domain' do
expect(CookieValidation.hostname_reach('github.com')).to be_nil
end
it 'should return nil for a two part tld' do
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

expect(CookieValidation.hostname_reach('co.nz')).to be_nil
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Style/StringLiterals: Prefer double-quoted strings unless you need single quotes to avoid extra backslashes for escaping.

end
it "should return 'local' for a local domain" do
['foo.local', 'foo.local.'].each do |hostname|
expect(CookieValidation.hostname_reach(hostname)).to eq 'local'
Expand Down