.test tld has issues with subdomain cookies `app.test` on the latest versions of rails 5 (5.2.x)
idyll opened this issue · comments
Pretty sure this is NOT a bug with puma-dev. But I am also certain that someone else is going to have this issue so I want to document it here.
I am seeing issues with the .test
tld and rails. Specifically setting cookies on subdomains isn't working correctly. BUT only with .test
(It's totally possible I've just made a dumb mistake -- but so far I don't think so...)
If you are using subdomains in a Rails application and trying to test with puma-dev using .test
you probably set the domain on your cookies to be .app.test
(instead of app.test
). (In Rails.application.config.session_store).
This doesn't appear to work though. Cookies show up with app.test
instead of .app.test
which creates problems for the session store, authentication, etc.
Here's the kicker. It's only the .test
tld that has this issue. Virtually every other TLD works.
If you app previously was working but now you start seeing issues like:
ActionController::InvalidAuthenticityToken in Devise::SessionsController#create
when you attempt to authenticate from a subdomain - take a look and see if you actually have a session cookie set. If you don't, it's probably because sub.app.test
can write a cookie for app.test
. (even though it should be for .app.test
My guess is that something funny is going on inside rails or a dependency but I haven't managed to track down where yet.
It would be great if there was a standard fake TLD for everyone to use for this kinda thing. But with google grabbing .dev
and with .test
acting strange I am all out of good names.
So my suggestion is that if you're using subdomains in your application you may want to use .puma
instead of .test
If I end up figuring out what caused this I will update this ticket. It may be worthwhile considering a different fake tld other than .test
I am also experiencing this issue. Super annoying. I will be downgrading to previous version with .dev
until this can be resolved.
@idyll You can do this with the following:
brew uninstall puma-dev
brew install https://raw.githubusercontent.com/puma/homebrew-puma/8c9e86990018cc64283a10dfb678fc6ed72d634a/puma-dev.rb
Running version 0.11 (go1.9.1)
with no issues.
I just ran into this as well. Here's what I found:
My local domain looks like this: subdomain.mydomain.test
This works fine: cookies[:blabla] = "value"
It stores a cookie and sets its path to subdomain.mydomain.test
.
However, I need this cookie to be available on every subdomain on plango.test
, so what I do is this:
cookies[:blabla] = {value: "value", domain: :all}
Safari refuses to store this cookie. No warning or error message at all.
This happens on both http and https. I changed my tld to .puma
and suddenly everything works as expected. Really weird but it looks like this is unique to the .test
tld on Safari.
@idyll Thanks for keeping me sane and confirming this is a thing, haha!
Safari refuses to store this cookie. No warning or error message at all.
Same for me in 2020