Merge pull request #2722 from square/jwilson.0712.cookiedots

Inject a leading . for better matching under JavaNetCookieJar
2026-01-15 20:56:41 +03:00 · 2016-07-12 23:37:27 -04:00
parent 60b577fecc fd509b937c
commit f91f97795b
3 changed files with 68 additions and 2 deletions
--- a/okhttp-tests/src/test/java/okhttp3/CookiesTest.java
+++ b/okhttp-tests/src/test/java/okhttp3/CookiesTest.java
@@ -23,6 +23,7 @@ import java.net.HttpCookie;
 import java.net.HttpURLConnection;
 import java.net.InetAddress;
 import java.net.URI;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -271,6 +272,58 @@ public class CookiesTest {
    assertNull(request.getHeader("Quux"));
  }

+  @Test public void acceptOriginalServerMatchesSubdomain() throws Exception {
+    CookieManager cookieManager = new CookieManager(null, ACCEPT_ORIGINAL_SERVER);
+    JavaNetCookieJar cookieJar = new JavaNetCookieJar(cookieManager);
+
+    HttpUrl url = HttpUrl.parse("https://www.squareup.com/");
+    cookieJar.saveFromResponse(url, Arrays.asList(
+        Cookie.parse(url, "a=android; Domain=squareup.com")));
+    List<Cookie> actualCookies = cookieJar.loadForRequest(url);
+    assertEquals(1, actualCookies.size());
+    assertEquals("a", actualCookies.get(0).name());
+    assertEquals("android", actualCookies.get(0).value());
+  }
+
+  @Test public void acceptOriginalServerMatchesRfc2965Dot() throws Exception {
+    CookieManager cookieManager = new CookieManager(null, ACCEPT_ORIGINAL_SERVER);
+    JavaNetCookieJar cookieJar = new JavaNetCookieJar(cookieManager);
+
+    HttpUrl url = HttpUrl.parse("https://www.squareup.com/");
+    cookieJar.saveFromResponse(url, Arrays.asList(
+        Cookie.parse(url, "a=android; Domain=.squareup.com")));
+    List<Cookie> actualCookies = cookieJar.loadForRequest(url);
+    assertEquals(1, actualCookies.size());
+    assertEquals("a", actualCookies.get(0).name());
+    assertEquals("android", actualCookies.get(0).value());
+  }
+
+  @Test public void acceptOriginalServerMatchesExactly() throws Exception {
+    CookieManager cookieManager = new CookieManager(null, ACCEPT_ORIGINAL_SERVER);
+    JavaNetCookieJar cookieJar = new JavaNetCookieJar(cookieManager);
+
+    HttpUrl url = HttpUrl.parse("https://squareup.com/");
+    cookieJar.saveFromResponse(url, Arrays.asList(
+        Cookie.parse(url, "a=android; Domain=squareup.com")));
+    List<Cookie> actualCookies = cookieJar.loadForRequest(url);
+    assertEquals(1, actualCookies.size());
+    assertEquals("a", actualCookies.get(0).name());
+    assertEquals("android", actualCookies.get(0).value());
+  }
+
+  @Test public void acceptOriginalServerDoesNotMatchDifferentServer() throws Exception {
+    CookieManager cookieManager = new CookieManager(null, ACCEPT_ORIGINAL_SERVER);
+    JavaNetCookieJar cookieJar = new JavaNetCookieJar(cookieManager);
+
+    HttpUrl url1 = HttpUrl.parse("https://api.squareup.com/");
+    cookieJar.saveFromResponse(url1, Arrays.asList(
+        Cookie.parse(url1, "a=android; Domain=api.squareup.com")));
+
+    HttpUrl url2 = HttpUrl.parse("https://www.squareup.com/");
+    List<Cookie> actualCookies = cookieJar.loadForRequest(url2);
+    assertEquals(Collections.<Cookie>emptyList(), actualCookies);
+  }
+
  private HttpUrl urlWithIpAddress(MockWebServer server, String path) throws Exception {
    return server.url(path)
        .newBuilder()
--- a/okhttp-urlconnection/src/main/java/okhttp3/JavaNetCookieJar.java
+++ b/okhttp-urlconnection/src/main/java/okhttp3/JavaNetCookieJar.java
@@ -40,7 +40,7 @@ public final class JavaNetCookieJar implements CookieJar {
    if (cookieHandler != null) {
      List<String> cookieStrings = new ArrayList<>();
      for (Cookie cookie : cookies) {
-        cookieStrings.add(cookie.toString());
+        cookieStrings.add(cookie.toString(true));
      }
      Map<String, List<String>> multimap = Collections.singletonMap("Set-Cookie", cookieStrings);
      try {
--- a/okhttp/src/main/java/okhttp3/Cookie.java
+++ b/okhttp/src/main/java/okhttp3/Cookie.java
@@ -530,6 +530,15 @@ public final class Cookie {
  }

  @Override public String toString() {
+    return toString(false);
+  }
+
+  /**
+   * @param forObsoleteRfc2965 true to include a leading {@code .} on the domain pattern. This is
+   *     necessary for {@code example.com} to match {@code www.example.com} under RFC 2965. This
+   *     extra dot is ignored by more recent specifications.
+   */
+  String toString(boolean forObsoleteRfc2965) {
    StringBuilder result = new StringBuilder();
    result.append(name);
    result.append('=');
@@ -544,7 +553,11 @@ public final class Cookie {
    }

    if (!hostOnly) {
-      result.append("; domain=").append(domain);
+      result.append("; domain=");
+      if (forObsoleteRfc2965) {
+        result.append(".");
+      }
+      result.append(domain);
    }

    result.append("; path=").append(path);