Fix curl debug command with dot-prefixed cookie domain

Jean-Christophe Amiel 2025-11-16 17:59:44 +01:00
parent 0d32708daf
commit 67d5fa8253
No known key found for this signature in database
GPG Key ID: 07FF11CFD55356CC
4 changed files with 43 additions and 5 deletions


@ -0,0 +1,2 @@
curl 'http://localhost:8000/cookie-jar'
curl --cookie 'HSID=AYQEVnDKrdst; SSID=Ap4PGTEq; foo="a b c"' 'http://localhost:8000/cookie-jar/hello'


@ -20,3 +20,7 @@ cookie "LSID[Secure]" not exists
cookie "LSID[HttpOnly]" exists
cookie "LSID[SameSite]" not exists
cookie "foo" == "\"a b c\""
GET http://localhost:8000/cookie-jar/hello
HTTP 200


@ -1,5 +1,5 @@
from app import app
from flask import make_response
from flask import make_response, request
@app.route("/cookie-jar")
@ -37,3 +37,13 @@ def set_cookie_jar():
httponly=False,
)
return resp
@app.route("/cookie-jar/hello")
def cookie_jar_hello():
cookies = request.cookies
assert len(cookies) == 3
assert cookies["HSID"] == "AYQEVnDKrdst"
assert cookies["SSID"] == "Ap4PGTEq"
assert cookies["foo"] == "a b c"
return "Hello World!"


@ -171,13 +171,19 @@ impl Cookie {
self.expires == "1"
}
pub fn include_subdomain(&self) -> bool {
self.include_subdomain == "TRUE"
}
pub fn match_domain(&self, url: &Url) -> bool {
if let Some(domain) = url.domain() {
if self.include_subdomain == "FALSE" {
if self.domain != domain {
// We remove the legacy optional dot in cookie domain.
let cookie_domain = self.domain.strip_prefix(".").unwrap_or(&self.domain);
if let Some(url_domain) = url.domain() {
if !self.include_subdomain() {
if url_domain != cookie_domain {
return false;
}
} else if !domain.ends_with(&self.domain) {
} else if !url_domain.ends_with(&cookie_domain) {
return false;
}
}
@ -362,6 +368,22 @@ mod tests {
assert!(cookie.match_domain(&Url::from_str("http://example.com/toto").unwrap()));
assert!(cookie.match_domain(&Url::from_str("http://sub.example.com/toto").unwrap()));
assert!(!cookie.match_domain(&Url::from_str("http://example.com/tata").unwrap()));
// Lecacy cookie domain
let cookie = Cookie {
domain: ".example.com".to_string(),
include_subdomain: "TRUE".to_string(),
path: "/foo".to_string(),
https: String::new(),
expires: String::new(),
name: String::new(),
value: String::new(),
http_only: false,
};
assert!(cookie.match_domain(&Url::from_str("http://example.com/foo").unwrap()));
assert!(cookie.match_domain(&Url::from_str("http://sub.example.com/foo").unwrap()));
assert!(!cookie.match_domain(&Url::from_str("http://example.com/tata").unwrap()));
assert!(!cookie.match_domain(&Url::from_str("http://sub.example.com/tata").unwrap()));
}
#[test]
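Review bot: The subdomain branch of `match_domain` compares with a bare `url_domain.ends_with(&cookie_domain)`, and now that the leading dot is stripped the suffix test no longer stops at a label boundary, so a cookie stored for `.example.com` would also be treated as matching a host such as `notexample.com` and be sent to an unrelated site. RFC 6265 domain matching requires either an identical host or a suffix preceded by a dot, which could be written as `} else if url_domain != cookie_domain && !url_domain.ends_with(&format!(".{cookie_domain}")) {`. The new test block only exercises hosts that should match on domain; a negative case such as `assert!(!cookie.match_domain(&Url::from_str("http://notexample.com/foo").unwrap()));` would pin the boundary. When `url.domain()` is `None` the visible code skips the domain check altogether, and the rest of the function lies outside the hunk, so whether IP-address hosts are handled later should be confirmed.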