From e98489ace20c217919cc1540c05531807d014465 Mon Sep 17 00:00:00 2001 From: Shira Nagen Date: Thu, 15 Dec 2022 17:05:37 +0200 Subject: [PATCH] fix(cookies): send cookies to allowed domains --- src/node/agent.js | 5 ++++- test/node/agency.js | 10 ++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/node/agent.js b/src/node/agent.js index 2581bb346..0761dc689 100644 --- a/src/node/agent.js +++ b/src/node/agent.js @@ -65,7 +65,10 @@ Agent.prototype = Object.create(AgentBase.prototype); Agent.prototype._saveCookies = function (res) { const cookies = res.headers['set-cookie']; - if (cookies) this.jar.setCookies(cookies); + if (cookies) { + const url = parse(res.request?.url || '') + this.jar.setCookies(cookies, url.hostname, url.pathname); + } }; /** diff --git a/test/node/agency.js b/test/node/agency.js index 6cc125372..198ba0688 100644 --- a/test/node/agency.js +++ b/test/node/agency.js @@ -120,6 +120,16 @@ describe('request', () => { assert.strictEqual(res.text, 'jar'); })); + it('should not share cookies between domains', () => { + assert.equal(agent4.get('https://google.com').cookies, ""); + }); + + it('should send cookies to allowed domain with a different path', () => { + const postRequest = agent4.post(`${base}/x/y/z`) + const cookiesNames = postRequest.cookies.split(';').map(cookie => cookie.split('=')[0]) + cookiesNames.should.eql(['cookie', ' connect.sid']); + }); + it('should not share cookies', (done) => { agent2.get(`${base}/dashboard`).end((error, res) => { should.exist(error);