This is an automated email from the ASF dual-hosted git repository. glynnbird pushed a commit to branch fetch in repository https://gitbox.apache.org/repos/asf/couchdb-nano.git
commit ae36ca683aa24ed69884b57e9f3cc4d10a491f5e
Author: Glynn Bird <[email protected]>
AuthorDate: Wed Dec 14 13:43:47 2022 +0000
http/https bug fix
---
 lib/cookie.js | 9 ++++-----
 test/cookie.test.js | 8 ++++++--
 2 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/lib/cookie.js b/lib/cookie.js
index 2d11c2e..d18a4ce 100644
--- a/lib/cookie.js
+++ b/lib/cookie.js
@@ -64,13 +64,12 @@ class CookieJar {
 const retval = []
 for (i = 0; i < this.jar.length; i++) {
 const c = this.jar[i]
- // if match domain name, protocol and timestamp
+ // if match domain name and timestamp
 if ((c.origin === parsedURL.origin ||
- (c.domain && parsedURL.hostname.endsWith(c.domain))) &&
- c.protocol === parsedURL.protocol &&
+ (c.domain && parsedURL.hostname.endsWith(c.domain))) &&
 c.ts >= now) {
- // if cookie has httponly flag and this is not http, ignore
- if (c.httponly && parsedURL.protocol !== 'http:') {
+ // if cookie has httponly flag and this is not http(s), ignore
+ if (c.httponly && !['http:', 'https:'].includes(parsedURL.protocol)) {
 continue
 }
diff --git a/test/cookie.test.js b/test/cookie.test.js
index b28368d..32ba062 100644
--- a/test/cookie.test.js
+++ b/test/cookie.test.js
@@ -362,7 +362,7 @@ test('should send cookies to authorised subdomains', () => {
 assert.equal(cs, '')
 })
-test('should not send http-only cookies to https', () => {
+test('should not send http-only cookies to different protocol', () => {
 const cj = new CookieJar()
 const expiry = new Date().getTime() + 1000 * 60
 const expiryStr = new Date(expiry).toGMTString()
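Review bot: With `c.protocol === parsedURL.protocol` gone from the match in lib/cookie.js, nothing visible in this hunk stops a cookie that was stored from an https response from being returned for an `http://` URL on the same domain, which would put a session cookie on the wire in cleartext. If the jar records the cookie's `Secure` attribute (its parsing is outside the hunk), a guard beside the httponly one would keep the relaxation safe, e.g. `if (c.secure && parsedURL.protocol !== 'https:') { continue }`, where `c.secure` is a placeholder for whatever field holds that flag. Separately, the re-added `parsedURL.hostname.endsWith(c.domain)` is a plain suffix test, so unless `c.domain` is always stored with a leading dot a domain of `mydomain.com` would also match a host such as `notmydomain.com`; comparing for equality or for a `'.' + c.domain` suffix avoids that. The loop and its enclosing method start and end outside the hunk.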
@@ -392,8 +392,12 @@ test('should not send http-only cookies to https', () => {
 let cs = cj.getCookieString('http://test.mydomain.com/my/path/extra')
 assert.equal(cs, `${cookie.value}`)
- // but not https
+ // check we get a cookie for the same domain (https)
 cs = cj.getCookieString('https://test.mydomain.com/my/path/extra')
+ assert.equal(cs, `${cookie.value}`)
+
+ // but not some other protocol
+ cs = cj.getCookieString('ws://test.mydomain.com/my/path/extra')
 assert.equal(cs, '')
 })
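Review bot: The new assertions only exercise the relaxed match in one direction, a cookie stored for an `http://` URL being returned for `https://`; the opposite case is not pinned anywhere in this hunk. A companion test that stores a cookie from an `https://` URL and then calls `cj.getCookieString('http://test.mydomain.com/my/path/extra')` would record whether sending it over plain http is intended. The test function begins outside the hunk, so how the cookie is stored is not visible here.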
