This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: CookieJar.extract_cookies doesn't process cookies form local domains when domain is explicitly set in header
Type: behavior Stage: patch review
Components: Library (Lib) Versions: Python 3.11, Python 3.10
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: keddad
Priority: normal Keywords: patch

Created on 2021-12-14 21:08 by keddad, last changed 2022-04-11 14:59 by admin.

Pull Requests
URL Status Linked Edit
PR 30108 open keddad, 2021-12-14 21:12
Messages (1)
msg408564 - (view) Author: Nick (keddad) * Date: 2021-12-14 21:08
Apparently, CookieJar.extract_cookies doesn't process cookies form local domains which explicitly set domain in Set-Cookie header. That means that headers with domain specified, like "Set-Cookie: foo=baz; Domain=localhost;", are ignored. As far as I can tell, this might be actually part of the standard: https://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain/32210291#32210291 . However, it looks like other HTTP clients, including modern versions of both Chrome and Firefox do accept cookies from localhost with explicit domain=localhost, and this change doesn't appear to break existing software in any way. (simple POC to test behavior in browsers: https://gist.github.com/keddad/e2ce034f68b77e59077cdb1e887fa4a1). Maybe it would be best to also allow this behavior in Python?
History
Date User Action Args
2022-04-11 14:59:53adminsetgithub: 90233
2021-12-14 21:12:37keddadsetkeywords: + patch
stage: patch review
pull_requests: + pull_request28330
2021-12-14 21:08:16keddadcreate