domainMatch() breaks for URLs with TLD in substring of subdomain #235

davidofwatkins · 2022-04-15T18:58:38Z

There's a bug where domainMatch() returns false unexpectedly when the domStr argument (top-level-domain) can be found elsewhere in the domain (str argument). For example:

❌ Broken:

require('tough-cookie').domainMatch('computer.com', 'com'); // false - should be true

✅ Working:

require('tough-cookie').domainMatch('c0mputer.com', 'com'); // true

The issue appears to come from the indexOf() check here:

tough-cookie/lib/cookie.js

Line 371 in 30246e6

const idx = str.indexOf(domStr);

...causing this calculation to fail:

tough-cookie/lib/cookie.js

Lines 379 to 381 in 30246e6

    
           if (str.length !== domStr.length + idx) { 
        
             return false; // it's not a suffix 
        
           }

The text was updated successfully, but these errors were encountered:

colincasey · 2022-04-18T21:04:55Z

Thanks for the bug report @davidofwatkins. I'll look into this as soon as possible. But don't let that deter you from submitting your own PR with a fix if you have one.

colincasey self-assigned this Apr 18, 2022

colincasey mentioned this issue Apr 19, 2022

fix: domain match routine #236

Merged

colincasey closed this as completed in #236 Apr 21, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

domainMatch() breaks for URLs with TLD in substring of subdomain #235

domainMatch() breaks for URLs with TLD in substring of subdomain #235

davidofwatkins commented Apr 15, 2022

colincasey commented Apr 18, 2022

domainMatch() breaks for URLs with TLD in substring of subdomain #235

domainMatch() breaks for URLs with TLD in substring of subdomain #235

Comments

davidofwatkins commented Apr 15, 2022

colincasey commented Apr 18, 2022