From: "mame (Yusuke Endoh)" <noreply@...>
Date: 2022-11-26T17:00:05+00:00
Subject: [ruby-core:111023] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot

Issue #19153 has been updated by mame (Yusuke Endoh).


This issue is discussed at https://github.com/ruby/cgi/pull/29 .

As I wrote in https://github.com/ruby/cgi/pull/29#issuecomment-1325852303, RFC 6265 prohibits leading dot for Cookie domain. However, the old spec of Cookie (RFC 2109) required the leading dot. I think it is reasonable to allow leading dots.

@akr @naruse What do you think?

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-100277

* Author: cpinto (Celso Pinto)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------
The rspec tests of our Rails app started failing with an ArgumentError after upgrading to 2.7.7. On inspection, the issue seems to be caused by CGI::Cookie.domain=:

```
def domain=(str)
      if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
        raise ArgumentError, "invalid domain: #{str.dump}"
      end
      @domain = str
    end
```

Setting a breakpoint:

0> str
=> ".example.com"

0> DOMAIN_VALUE_RE
=> /\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z/

0> DOMAIN_VALUE_RE.match?(str)
=> false

0> DOMAIN_VALUE_RE.match?('example.com')
=> true



-- 
https://bugs.ruby-lang.org/
 ______________________________________________
 ruby-core mailing list -- ruby-core@ml.ruby-lang.org
 To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org
 ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/