puma / puma-dev

A tool to manage rack apps in development with puma

.test tld has issues with subdomain cookies `app.test` on the latest versions of rails 5 (5.2.x)

idyll opened this issue

Pretty sure this is NOT a bug with puma-dev. But I am also certain that someone else is going to have this issue so I want to document it here.

I am seeing issues with the .test tld and rails. Specifically setting cookies on subdomains isn't working correctly. BUT only with .test

(It's totally possible I've just made a dumb mistake -- but so far I don't think so...)

If you are using subdomains in a Rails application and trying to test with puma-dev using .test you probably set the domain on your cookies to be .app.test (instead of app.test). (In Rails.application.config.session_store).

This doesn't appear to work though. Cookies show up with app.test instead of .app.test which creates problems for the session store, authentication, etc.

Here's the kicker. It's only the .test tld that has this issue. Virtually every other TLD works.

If your app previously was working but now you start seeing issues like:
`ActionController::InvalidAuthenticityToken in Devise::SessionsController#create`
when you attempt to authenticate from a subdomain - take a look and see if you actually have a session cookie set. If you don't, it's probably because sub.app.test can write a cookie for app.test. (even though it should be for .app.test)

My guess is that something funny is going on inside rails or a dependency but I haven't managed to track down where yet.

It would be great if there was a standard fake TLD for everyone to use for this kinda thing. But with Google grabbing .dev and with .test acting strange I am all out of good names.

So my suggestion is that if you're using subdomains in your application you may want to use .puma instead of .test

If I end up figuring out what caused this I will update this ticket. It may be worthwhile considering a different fake tld other than .test

I am also experiencing this issue. Super annoying. I will be downgrading to a previous version with .dev until this can be resolved.

@idyll You can do this with the following:

```
brew uninstall puma-dev
brew install https://raw.githubusercontent.com/puma/homebrew-puma/8c9e86990018cc64283a10dfb678fc6ed72d634a/puma-dev.rb
```

Running version 0.11 (go1.9.1) with no issues.

I just ran into this as well. Here's what I found:

My local domain looks like this: subdomain.mydomain.test

This works fine: `cookies[:blabla] = "value"`
It stores a cookie and sets its path to subdomain.mydomain.test.

However, I need this cookie to be available on every subdomain on plango.test, so what I do is this:
`cookies[:blabla] = {value: "value", domain: :all}`
Safari refuses to store this cookie. No warning or error message at all.

This happens on both http and https. I changed my tld to .puma and suddenly everything works as expected. Really weird but it looks like this is unique to the .test tld on Safari.

@idyll Thanks for keeping me sane and confirming this is a thing, haha!

> Safari refuses to store this cookie. No warning or error message at all.

Same for me in 2020 👎 🙃
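
The check the first post and the Safari report both come down to (is the cookie scoped to the parent domain or only to one host?), as an added example that is not part of the original thread. It applies the RFC 6265 domain rules to constructed `Set-Cookie` values; the helper names are hypothetical and browser-specific public-suffix handling is not modelled.

```ruby
# Added example: constructed Set-Cookie samples, hypothetical helper names.
# Not modelled: browser public-suffix rejection (RFC 6265 section 5.3).

# Parse a Set-Cookie value into its name and normalized Domain attribute.
def parse_set_cookie(header)
  pair, *attrs = header.split(";").map(&:strip)
  name, = pair.split("=", 2)
  domain = nil
  attrs.each do |attr|
    key, value = attr.split("=", 2)
    next unless key&.casecmp?("domain") && value && !value.empty?
    # Section 5.2.3: drop one leading dot and lowercase; the last Domain wins.
    domain = value.sub(/\A\./, "").downcase
  end
  { name: name, domain: domain }
end

# Section 5.1.3 domain-match: same host, or host ends with "." + domain.
def domain_match?(host, domain)
  host = host.downcase
  host == domain || host.end_with?(".#{domain}")
end

# How a browser following RFC 6265 scopes the cookie set by response_host.
def scope_for(header, response_host)
  domain = parse_set_cookie(header)[:domain]
  # No Domain attribute: host-only cookie, bound to the exact response host.
  return { host_only: true, domain: response_host.downcase } if domain.nil?
  # A Domain the response host does not domain-match makes the cookie invalid.
  return :rejected unless domain_match?(response_host, domain)
  { host_only: false, domain: domain }
end

# Would the stored cookie be sent on a later request to request_host?
def sent_to?(header, response_host, request_host)
  scope = scope_for(header, response_host)
  return false if scope == :rejected
  return request_host.downcase == scope[:domain] if scope[:host_only]
  domain_match?(request_host, scope[:domain])
end

if __FILE__ == $PROGRAM_NAME
  samples = ["_app_session=abc; path=/; HttpOnly",                    # host-only
             "_app_session=abc; domain=.app.test; path=/; HttpOnly"]  # parent domain
  samples.each do |header|
    puts "#{header.inspect} set by sub.app.test -> sent to other.app.test? " \
         "#{sent_to?(header, 'sub.app.test', 'other.app.test')}"
  end
end
```

Pass it the `Set-Cookie` line your own app returns (for example from `curl -i`) together with the host that served it to see which hosts the cookie covers.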