CookieJar.extract_cookies doesn't process cookies from local domains when domain is explicitly set in header #90233

Closed
keddad mannequin opened this issue Dec 14, 2021 · 2 comments
Labels
3.10 only security fixes 3.11 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error

Comments

keddad mannequin commented Dec 14, 2021

BPO 46075
Nosy @keddad
PRs
  • bpo-46075: Allow for explicit domains in CookieJar #30108
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.


    GitHub fields:

    assignee = None
    closed_at = None
    created_at = <Date 2021-12-14.21:08:16.652>
    labels = ['type-bug', 'library', '3.10', '3.11']
    title = "CookieJar.extract_cookies doesn't process cookies form local domains when domain is explicitly set in header"
    updated_at = <Date 2021-12-14.21:12:37.790>
    user = 'https://github.com/keddad'

    bugs.python.org fields:

    activity = <Date 2021-12-14.21:12:37.790>
    actor = 'keddad'
    assignee = 'none'
    closed = False
    closed_date = None
    closer = None
    components = ['Library (Lib)']
    creation = <Date 2021-12-14.21:08:16.652>
    creator = 'keddad'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 46075
    keywords = ['patch']
    message_count = 1.0
    messages = ['408564']
    nosy_count = 1.0
    nosy_names = ['keddad']
    pr_nums = ['30108']
    priority = 'normal'
    resolution = None
    stage = 'patch review'
    status = 'open'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue46075'
    versions = ['Python 3.10', 'Python 3.11']

    keddad mannequin commented Dec 14, 2021

    Apparently, CookieJar.extract_cookies doesn't process cookies from local domains which explicitly set domain in Set-Cookie header. That means that headers with domain specified, like "Set-Cookie: foo=baz; Domain=localhost;", are ignored. As far as I can tell, this might actually be part of the standard: https://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain/32210291#32210291 . However, it looks like other HTTP clients, including modern versions of both Chrome and Firefox, do accept cookies from localhost with explicit domain=localhost, and this change doesn't appear to break existing software in any way. (Simple POC to test behavior in browsers: https://gist.github.com/keddad/e2ce034f68b77e59077cdb1e887fa4a1). Maybe it would be best to also allow this behavior in Python?

    @keddad keddad mannequin added 3.10 only security fixes 3.11 only security fixes stdlib Python modules in the Lib dir type-bug An unexpected behavior, bug, or error labels Dec 14, 2021
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    @JelleZijlstra
    Member

    Fixed in #30108 for 3.11. Thanks @keddad for your contributions!

    I'm not planning to backport the change to 3.10, so I'm closing this issue.
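
A way to check which behavior a given interpreter has, as an added example that is not part of the issue thread or of CPython: it feeds Set-Cookie values to `CookieJar.extract_cookies` offline and reports which cookie domains were stored. `FakeResponse` and `stored_domains` are hypothetical helper names, and the `www.example.com` case goes beyond the issue to show that a dotless `Domain` from a non-local host is still rejected.

```python
import email
import sys
import urllib.request
from http.cookiejar import CookieJar


class FakeResponse:
    """Minimal stand-in for an HTTP response (hypothetical helper).

    extract_cookies() only calls info() on the response to read its headers.
    """

    def __init__(self, set_cookie_value):
        self._headers = email.message_from_string(
            f"Set-Cookie: {set_cookie_value}\n\n")

    def info(self):
        return self._headers


def stored_domains(url, set_cookie_value):
    """Run one Set-Cookie value through a fresh CookieJar with the default
    policy and return the domains of the cookies that were accepted."""
    jar = CookieJar()
    request = urllib.request.Request(url)
    jar.extract_cookies(FakeResponse(set_cookie_value), request)
    return sorted(cookie.domain for cookie in jar)


# Constructed sample inputs. Only the second header value is quoted from
# the issue text; the URLs and the other two values are assumptions.
CASES = [
    # No Domain attribute: host-only cookie, accepted on every version.
    ("http://localhost/", "foo=baz"),
    # Explicit Domain=localhost: ignored before the 3.11 fix.
    ("http://localhost/", "foo=baz; Domain=localhost;"),
    # Dotless Domain from a non-local host: rejected before and after.
    ("http://www.example.com/", "foo=baz; Domain=com"),
]

if __name__ == "__main__":
    print("Python", sys.version.split()[0])
    for url, header in CASES:
        print(f"{url:26} {header!r:32} -> {stored_domains(url, header)}")
```

An empty list means the default policy dropped the cookie silently; `extract_cookies` does not raise when it rejects one.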
