Allow for any possible TLD when using the :all option with the cookie session store. This works for subdomain.mysite.local, google.co.uk, google.com.au, etc. [#5147 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>

actionpack/lib/action_dispatch/middleware/cookies.rb

@@ -69,16 +69,26 @@ module ActionDispatch
 
     class CookieJar < Hash #:nodoc:
 
-      # This regular expression is used to split the levels of a domain
-      # So www.example.co.uk gives:
-      # $1 => www.
-      # $2 => example
-      # $3 => co.uk
-      DOMAIN_REGEXP = /^(.*\.)*(.*)\.(...|...\...|....|..\...|..)$/
+      # This regular expression is used to split the levels of a domain.
+      # The top level domain can be any string without a period or
+      # **.**, ***.** style TLDs like co.uk or com.au
+      #
+      # www.example.co.uk gives:
+      # $1 => example
+      # $2 => co.uk
+      #
+      # example.com gives:
+      # $1 => example
+      # $2 => com
+      #
+      # lots.of.subdomains.example.local gives:
+      # $1 => example
+      # $2 => local
+      DOMAIN_REGEXP = /([^.]*)\.([^.]*|..\...|...\...)$/
 
       def self.build(request)
         secret = request.env[TOKEN_KEY]
-        host = request.env["HTTP_HOST"]
+        host = request.host
 
         new(secret, host).tap do |hash|
           hash.update(request.cookies)
@@ -104,7 +114,7 @@ module ActionDispatch
 
         if options[:domain] == :all
           @host =~ DOMAIN_REGEXP
-          options[:domain] = ".#{$2}.#{$3}"
+          options[:domain] = ".#{$1}.#{$2}"
         end
       end
 

actionpack/test/dispatch/cookies_test.rb

@@ -232,6 +232,34 @@ class CookiesTest < ActionController::TestCase
     assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com; path=/"
   end
 
+  def test_cookie_with_all_domain_option_using_a_non_standard_tld
+    @request.host = "two.subdomains.nextangle.local"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
+  end
+
+  def test_cookie_with_all_domain_option_using_australian_style_tld
+    @request.host = "nextangle.com.au"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.com.au; path=/"
+  end
+
+  def test_cookie_with_all_domain_option_using_uk_style_tld
+    @request.host = "nextangle.co.uk"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/"
+  end
+
+  def test_cookie_with_all_domain_option_using_host_with_port
+    @request.host = "nextangle.local:3000"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
+  end
+
   def test_deleting_cookie_with_all_domain_option
     get :delete_cookie_with_domain
     assert_response :success
@@ -247,4 +275,4 @@ class CookiesTest < ActionController::TestCase
         assert_equal expected.split("\n"), header
       end
     end
-end
+end