Merge pull request #39557 from jonathanhefner/cookie-domains-strict-match
Strict match when choosing cookie domain for host
commit
186115180e
|
@ -1,3 +1,8 @@
|
|||
* When multiple domains are specified for a cookie, a domain will now be
|
||||
chosen only if it is equal to or is a superdomain of the request host.
|
||||
|
||||
*Jonathan Hefner*
|
||||
|
||||
* `ActionDispatch::Static` handles precompiled Brotli (.br) files.
|
||||
|
||||
Adds to existing support for precompiled gzip (.gz) files.
|
||||
|
|
|
@ -457,8 +457,11 @@ module ActionDispatch
|
|||
".#{$&}"
|
||||
end
|
||||
elsif options[:domain].is_a? Array
|
||||
# If host matches one of the supplied domains without a dot in front of it.
|
||||
options[:domain] = options[:domain].find { |domain| request.host.include? domain.sub(/^\./, "") }
|
||||
# If host matches one of the supplied domains.
|
||||
options[:domain] = options[:domain].find do |domain|
|
||||
domain = domain.delete_prefix(".")
|
||||
request.host == domain || request.host.end_with?(".#{domain}")
|
||||
end
|
||||
end
|
||||
end
|
||||
end
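Review bot: The new match in the `find` block compares `request.host` byte-for-byte against each configured entry, so unless the host is already lower-cased upstream (not visible here), a request for `Example1.com` or a fully-qualified `example1.com.` selects no domain and the cookie silently becomes host-only. That fails closed, which is the safe direction for a value derived from the client-supplied Host header, but it should be a deliberate choice: either normalise with `host = request.host.downcase` and `bare = domain.delete_prefix(".").downcase`, then `host == bare || host.end_with?(".#{bare}")`, or state the exact-match rule in the comment. A separate local such as `bare`, instead of reassigning the block parameter, also makes it clearer that `find` returns the original entry, leading dot included, and not the stripped string. The tests added in the third section cover look-alike hosts but do not pin the mixed-case or trailing-dot behaviour. The enclosing method begins above this hunk.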
|
||||
|
|
|
@ -1106,6 +1106,27 @@ class CookiesTest < ActionController::TestCase
|
|||
assert_cookie_header "user_name=rizwanreza; domain=example1.com; path=/; SameSite=Lax"
|
||||
end
|
||||
|
||||
def test_cookie_with_several_preset_domains_using_subdomain
|
||||
@request.host = "subdomain.example1.com"
|
||||
get :set_cookie_with_domains
|
||||
assert_response :success
|
||||
assert_cookie_header "user_name=rizwanreza; domain=example1.com; path=/; SameSite=Lax"
|
||||
end
|
||||
|
||||
def test_cookie_with_several_preset_domains_using_similar_tld
|
||||
@request.host = "example1.com.au"
|
||||
get :set_cookie_with_domains
|
||||
assert_response :success
|
||||
assert_cookie_header "user_name=rizwanreza; path=/; SameSite=Lax"
|
||||
end
|
||||
|
||||
def test_cookie_with_several_preset_domains_using_similar_domain
|
||||
@request.host = "myexample1.com"
|
||||
get :set_cookie_with_domains
|
||||
assert_response :success
|
||||
assert_cookie_header "user_name=rizwanreza; path=/; SameSite=Lax"
|
||||
end
|
||||
|
||||
def test_cookie_with_several_preset_domains_using_other_domain
|
||||
@request.host = "other-domain.com"
|
||||
get :set_cookie_with_domains
|
||||
|
|