From 8b06ee751cb7a419f22811d0a7aae8d6194dafdb Mon Sep 17 00:00:00 2001 From: Colin Casey Date: Thu, 25 Aug 2022 10:03:09 -0300 Subject: [PATCH] fix: allow set cookies with localhost Adding more tests to cover the breaking use cases noted in #246. e.g.;. * `new CookieJar().setCookieSync("settingThisShouldPass=true; Domain=localhost; Path=/;", "http://localhost")` Also modifies the assertion for a test introduced in #221 that may be incorrect. --- lib/pubsuffix-psl.js | 3 +++ test/api_test.js | 44 +++++++++++++++++++++++++++++++++++++++-- test/regression_test.js | 8 +++----- 3 files changed, 48 insertions(+), 7 deletions(-) diff --git a/lib/pubsuffix-psl.js b/lib/pubsuffix-psl.js index d5555523..bf416511 100644 --- a/lib/pubsuffix-psl.js +++ b/lib/pubsuffix-psl.js @@ -59,6 +59,9 @@ function getPublicSuffix(domain, options = {}) { } if (!ignoreError && SPECIAL_USE_DOMAINS.includes(topLevelDomain)) { + if (allowSpecialUseDomain) { + return ""; + } throw new Error( `Cookie has domain set to the public suffix "${topLevelDomain}" which is a special use domain. To allow this, configure your CookieJar with {allowSpecialUseDomain:true, rejectPublicSuffixes: false}.` ); diff --git a/test/api_test.js b/test/api_test.js index 42e6166e..fae25378 100644 --- a/test/api_test.js +++ b/test/api_test.js @@ -594,6 +594,46 @@ function allowSpecialUseOptionVows() { return specialUseDomains.reduce((vows, specialUseDomain) => { vows[ `cookie jar with allowSpecialUseDomain set to the default value and domain is "${specialUseDomain}"` + ] = { + topic: function() { + const cb = this.callback; + const cj = new CookieJar(); + cj.setCookie( + `settingThisShouldPass=true; Domain=${specialUseDomain}; Path=/;`, + `http://${specialUseDomain}`, + at(-1), + (err, cookie) => { + cb(err, { cj: cj, cookie: cookie }); + } + ); + }, + "set the cookie": function(t) { + assert.ok(t.cookie, "didn't set?!"); + assert.equal(t.cookie.key, "settingThisShouldPass"); + }, + "then, retrieving": { + topic: function(t) { + const cb = this.callback; + setTimeout(() => { + t.cj.getCookies( + `http://${specialUseDomain}`, + { http: true }, + (err, cookies) => { + t.cookies = cookies; + cb(err, t); + } + ); + }, 2000); + }, + "got the cookie": function(t) { + assert.lengthOf(t.cookies, 1); + assert.equal(t.cookies[0].key, "settingThisShouldPass"); + } + } + }; + + vows[ + `cookie jar with allowSpecialUseDomain set to the default value and domain is "dev.${specialUseDomain}"` ] = { topic: function() { const cb = this.callback; @@ -633,7 +673,7 @@ function allowSpecialUseOptionVows() { }; vows[ - `cookie jar with allowSpecialUseDomain enabled and domain is "${specialUseDomain}"` + `cookie jar with allowSpecialUseDomain enabled and domain is "dev.${specialUseDomain}"` ] = { topic: function() { const cb = this.callback; @@ -676,7 +716,7 @@ function allowSpecialUseOptionVows() { }; vows[ - `cookie jar with allowSpecialUseDomain disabled and domain is "${specialUseDomain}"` + `cookie jar with allowSpecialUseDomain disabled and domain is "dev.${specialUseDomain}"` ] = { topic: function() { const cj = new CookieJar(new tough.MemoryCookieStore(), { diff --git a/test/regression_test.js b/test/regression_test.js index 29d21c0e..44f9b83e 100644 --- a/test/regression_test.js +++ b/test/regression_test.js @@ -197,12 +197,10 @@ vows return cookieJar.setCookieSync( "a=b; Domain=localhost", "http://localhost" - ); // when domain set to 'localhost', will throw 'Error: Cookie has domain set to a public suffix' + ); }, works: function(err, c) { - // localhost as domain throws an error, cookie should not be defined - assert.instanceOf(err, Error); - assert.isUndefined(c); + assert.instanceOf(c, Cookie); } } }, @@ -210,7 +208,7 @@ vows "setCookie with localhost (GH-215) (null domain)": { topic: function() { const cookieJar = new CookieJar(); - return cookieJar.setCookieSync("a=b; Domain=", "http://localhost"); // when domain set to 'localhost', will throw 'Error: Cookie has domain set to a public suffix' + return cookieJar.setCookieSync("a=b; Domain=", "http://localhost"); }, works: function(c) { assert.instanceOf(c, Cookie);