From d4ac5801dd2c2d53eec51329e5380bbffb23bfaf Mon Sep 17 00:00:00 2001
From: Colin Casey
Date: Wed, 24 Aug 2022 15:16:34 -0300
Subject: [PATCH] fix: allow special use domains by default (#249)
To avoid breaking behavior the `allowSpecialUseDomain` option should have been set to `true` by default. This PR also adds tests that cover when a default `CookieStore` is created it does allow cookies with special use domains. closes #246
---
 README.md | 2 +-
 lib/cookie.js | 5 ++++-
 lib/memstore.js | 2 +-
 test/api_test.js | 40 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index a54dbd9e..8568905c 100644
--- a/README.md
+++ b/README.md
@@ -265,7 +265,7 @@ The `options` object can be omitted and can have the following properties:
 - _rejectPublicSuffixes_ - boolean - default `true` - reject cookies with domains like "com" and "co.uk"
 - _looseMode_ - boolean - default `false` - accept malformed cookies like `bar` and `=bar`, which have an implied empty name.
 - _prefixSecurity_ - string - default `silent` - set to `'unsafe-disabled'`, `'silent'`, or `'strict'`. See [Cookie Prefixes](#cookie-prefixes) below.
-- _allowSpecialUseDomain_ - boolean - default `false` - accepts special-use domain suffixes, such as `local`. Useful for testing purposes.
+- _allowSpecialUseDomain_ - boolean - default `true` - accepts special-use domain suffixes, such as `local`. Useful for testing purposes.
 This is not in the standard, but is used sometimes on the web and is accepted by most browsers.
 #### `.setCookie(cookieOrString, currentUrl[, options][, callback(err, cookie)])`
diff --git a/lib/cookie.js b/lib/cookie.js
index 862fe015..f90d6a71 100644
--- a/lib/cookie.js
+++ b/lib/cookie.js
@@ -1099,7 +1099,10 @@ class CookieJar {
 validators.validate(validators.isObject(options), options);
 this.rejectPublicSuffixes = options.rejectPublicSuffixes;
 this.enableLooseMode = !!options.looseMode;
- this.allowSpecialUseDomain = !!options.allowSpecialUseDomain;
+ this.allowSpecialUseDomain =
+ typeof options.allowSpecialUseDomain === "boolean"
+ ? options.allowSpecialUseDomain
+ : true;
 this.store = store || new MemoryCookieStore();
 this.prefixSecurity = getNormalizedPrefixSecurity(options.prefixSecurity);
 this._cloneSync = syncWrap("clone");
diff --git a/lib/memstore.js b/lib/memstore.js
index 7c9ea0fb..001ca930 100644
--- a/lib/memstore.js
+++ b/lib/memstore.js
@@ -64,7 +64,7 @@ class MemoryCookieStore extends Store {
 const results = [];
 if (typeof allowSpecialUseDomain === "function") {
 cb = allowSpecialUseDomain;
- allowSpecialUseDomain = false;
+ allowSpecialUseDomain = true;
 }
 if (!domain) {
 return cb(null, []);
diff --git a/test/api_test.js b/test/api_test.js
index 1144cf34..42e6166e 100644
--- a/test/api_test.js
+++ b/test/api_test.js
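Review bot: In the `CookieJar` constructor hunk of lib/cookie.js the new `typeof … === "boolean"` test fails open: any non-boolean value passed for `allowSpecialUseDomain` (`0`, `null`, `""`) now resolves to `true`, where the removed `!!options.allowSpecialUseDomain` mapped those to `false`. Because this option relaxes domain checking, only a missing value should take the default, e.g. `this.allowSpecialUseDomain = options.allowSpecialUseDomain === undefined ? true : !!options.allowSpecialUseDomain;`. A comment such as `// default is true since #249; pass false to reject special-use domains such as "local"` would record the changed default for callers who relied on the old one. The constructor starts and ends outside the hunk.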
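Review bot: The `true` default in the lib/memstore.js hunk is applied only when the third argument is the callback; a caller that passes `undefined` for `allowSpecialUseDomain` together with a callback still ends up with a falsy value, which presumably disables special-use domains further down and so disagrees with the new `CookieJar` default. Defaulting on the value as well would keep the two paths consistent, e.g. `if (allowSpecialUseDomain === undefined) allowSpecialUseDomain = true;` after the callback shuffle. The literal default now lives in both lib/cookie.js and this file, so a shared constant would stop them drifting apart. The method's signature and the place where the flag is consumed are outside the hunk.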
@@ -592,6 +592,46 @@ function allowSpecialUseOptionVows() {
 ];
 return specialUseDomains.reduce((vows, specialUseDomain) => {
+ vows[
+ `cookie jar with allowSpecialUseDomain set to the default value and domain is "${specialUseDomain}"`
+ ] = {
+ topic: function() {
+ const cb = this.callback;
+ const cj = new CookieJar();
+ cj.setCookie(
+ `settingThisShouldPass=true; Domain=dev.${specialUseDomain}; Path=/;`,
+ `http://dev.${specialUseDomain}`,
+ at(-1),
+ (err, cookie) => {
+ cb(err, { cj: cj, cookie: cookie });
+ }
+ );
+ },
+ "set the cookie": function(t) {
+ assert.ok(t.cookie, "didn't set?!");
+ assert.equal(t.cookie.key, "settingThisShouldPass");
+ },
+ "then, retrieving": {
+ topic: function(t) {
+ const cb = this.callback;
+ setTimeout(() => {
+ t.cj.getCookies(
+ `http://dev.${specialUseDomain}`,
+ { http: true },
+ (err, cookies) => {
+ t.cookies = cookies;
+ cb(err, t);
+ }
+ );
+ }, 2000);
+ },
+ "got the cookie": function(t) {
+ assert.lengthOf(t.cookies, 1);
+ assert.equal(t.cookies[0].key, "settingThisShouldPass");
+ }
+ }
+ };
+
 vows[
 `cookie jar with allowSpecialUseDomain enabled and domain is "${specialUseDomain}"`
 ] = {
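Review bot: The added vows cover only a jar built with no options, so two paths this commit changes stay untested: the `MemoryCookieStore` method patched in lib/memstore.js when it is called with the callback as third argument, and a jar constructed with a non-boolean `allowSpecialUseDomain` (for example `null` or `0`), which now resolves to `true`. A vow asserting that `new CookieJar(null, { allowSpecialUseDomain: false })` still refuses `Domain=dev.${specialUseDomain}` would pin the opt-out next to the new default, unless a vow outside this hunk already does. The 2000 ms `setTimeout` before `getCookies` does not look necessary for these assertions and may add delay for every entry in `specialUseDomains`; if it is needed, a comment saying why would help.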