No match on .google.com cookie domain against www.google.com #499

Closed
rubengmurray opened this issue Feb 27, 2025 · 4 comments · Fixed by #500

rubengmurray commented Feb 27, 2025

Hi,

Is this behaviour expected?

bertrandom/chrome-cookies-secure#66 (comment)

  • Cookie domain is .google.com (extracted from cookie)
  • Domain passed in is www.google.com
  • A match is not made

This used to work back in [email protected]

function domainMatch(str, domStr, canonicalize) {

Quote from issue in chrome-cookies-secure


image image
^Fails inside domainMatch.ts for https://www.google.com

https://github.com/salesforce/tough-cookie/blob/master/lib/cookie/domainMatch.ts#L95

For https://google.com this always passes

https://github.com/salesforce/tough-cookie/blob/master/lib/cookie/domainMatch.ts#L88

@colincasey
Contributor

@rubengmurray I'm going to rephrase your question just to make sure I'm understanding you (please correct me if I've misunderstood):

The domainMatch function in [email protected] used to return true when called with domainMatch("www.google.com", ".google.com") but now in [email protected] it returns false. Is this expected?

If so, I think you're correct that this is a regression bug. The comparison performed here should be against the canonicalized _domStr, not the non-canonicalized cookieDomain.

colincasey added the patch label ("We expect this work to be a patch level change") Feb 28, 2025
colincasey self-assigned this Feb 28, 2025
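
The mismatch discussed in this thread, as an added example that is not part of the original issue and is not tough-cookie's source: a simplified RFC 6265 domain-match in which the hypothetical `compareAgainstRaw` flag reproduces searching for the raw cookie domain instead of the canonicalized one. The sample hosts are constructed, and IDN/punycode handling is omitted.

```javascript
// Added example: simplified RFC 6265 section 5.1.3 domain-match.
// Not tough-cookie's source; punycode/IDN handling is omitted.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Canonicalize: trim, drop one leading dot (RFC 6265 section 5.2.3), lowercase.
function canonicalDomain(d) {
  return d.trim().replace(/^\./, "").toLowerCase();
}

// compareAgainstRaw=true reproduces the mistake described in the thread:
// the suffix search uses the raw cookie domain instead of the canonical one.
function domainMatch(host, cookieDomain, compareAgainstRaw = false) {
  const str = canonicalDomain(host);
  const domStr = canonicalDomain(cookieDomain);
  if (str === "" || domStr === "") return false;
  if (str === domStr) return true; // identical after canonicalization

  const needle = compareAgainstRaw ? cookieDomain : domStr;
  const idx = str.lastIndexOf(needle);
  if (idx <= 0) return false; // not found, or nothing in front of it
  if (str.length !== domStr.length + idx) return false; // must be a suffix
  if (str[idx - 1] !== ".") return false; // must start on a label boundary
  return !IPV4.test(str) && !str.includes(":"); // IP literals never suffix-match
}

// Constructed sample inputs: [request host, cookie Domain attribute]
const cases = [
  ["www.google.com", ".google.com"],          // the case from this issue
  ["google.com", ".google.com"],              // equal once canonicalized
  ["WWW.Google.com", "google.com"],           // case-insensitive
  ["evilgoogle.com", ".google.com"],          // suffix, but not on a label boundary
  ["google.com.evil.example", ".google.com"], // cookie domain is a prefix, not a suffix
  ["10.0.0.1", "0.0.1"],                      // IP address must match exactly
];

function runCases(raw) {
  return cases.map(([host, dom]) => domainMatch(host, dom, raw));
}

console.log("canonical needle:", runCases(false));
console.log("raw needle:      ", runCases(true));
```

The two result rows differ only in the first case, which is why `google.com` kept passing through the equality check while `www.google.com` stopped matching.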
@rubengmurray
Author

> @rubengmurray I'm going to rephrase your question just to make sure I'm understanding you (please correct me if I've misunderstood):
>
> The domainMatch function in [email protected] used to return true when called with domainMatch("www.google.com", ".google.com") but now in [email protected] it returns false. Is this expected?
>
> If so, I think you're correct that this is a regression bug. The comparison performed here should be against the canonicalized _domStr, not the non-canonicalized cookieDomain.

That's a clearer way of putting it yes. Thanks for checking this out.

@colincasey
Contributor

@rubengmurray this fix should now be available in https://www.npmjs.com/package/tough-cookie/v/5.1.2

@rubengmurray
Author

Perfect. Latest version works in chrome-cookies-secure tests 👍
