Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot

Question

Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot

cpinto opened this issue a year ago · comments

The rspec tests of our Rails app started failing with an ArgumentError after upgrading to 2.7.7. On inspection, the issue seems to be caused by CGI::Cookie.domain=:

def domain=(str)
      if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
        raise ArgumentError, "invalid domain: #{str.dump}"
      end
      @domain = str
    end

Setting a breakpoint:

0> str
=> ".example.com"

0> DOMAIN_VALUE_RE
=> /\A(?(?!-)[-A-Za-z0-9]+(?<!-))(?:.\g)*\z/

0> DOMAIN_VALUE_RE.match?(str)
=> false

0> DOMAIN_VALUE_RE.match?('example.com')
=> true

Celso Pinto · Answer 1 · Sun Nov 27 2022 00:56:56 GMT+0800 (China Standard Time)

closing as there's already a PR in the works

Cyril Fluck · Answer 2 · Thu Dec 01 2022 06:19:10 GMT+0800 (China Standard Time)

PR #29 was merged