Merge pull request #47087 from jhawthorn/cookie_domain

jhawthorn · jhawthorn · commit 1d6de1672ced · 2023-01-24T16:27:21.000-08:00
Fix cookie domain for `domain: all` on two letter single level TLD
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -461,8 +461,8 @@ def handle_options(options)
             # Case where tld_length is not provided
             else
               # Regular TLDs
-              if !(/([^.]{2,3}\.[^.]{2})$/.match?(request.host))
-                cookie_domain = dot_splitted_host.last(2).join('.')
+              if !(/\.[^.]{2,3}\.[^.]{2}\z/.match?(request.host))
+                cookie_domain = dot_splitted_host.last(2).join(".")
               # **.**, ***.** style TLDs like co.uk and com.au
               else
                 cookie_domain = dot_splitted_host.last(3).join('.')
diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
@@ -1070,6 +1070,20 @@ def test_cookie_with_all_domain_option_using_uk_style_tld
     assert_cookie_header "user_name=rizwanreza; domain=.nextangle.co.uk; path=/; SameSite=Lax"
   end
 
+  def test_cookie_with_all_domain_option_using_two_letter_one_level_tld
+    @request.host = "hawth.ca"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.hawth.ca; path=/; SameSite=Lax"
+  end
+
+  def test_cookie_with_all_domain_option_using_two_letter_one_level_tld_and_subdomain
+    @request.host = "x.hawth.ca"
+    get :set_cookie_with_domain
+    assert_response :success
+    assert_cookie_header "user_name=rizwanreza; domain=.hawth.ca; path=/; SameSite=Lax"
+  end
+
   def test_cookie_with_all_domain_option_using_uk_style_tld_and_two_subdomains
     @request.host = "x.nextangle.co.uk"
     get :set_cookie_with_domain
