diff options
Diffstat (limited to 'src/gun_cookies.erl')
-rw-r--r-- | src/gun_cookies.erl | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/src/gun_cookies.erl b/src/gun_cookies.erl index 1c84ba9..44f4ab7 100644 --- a/src/gun_cookies.erl +++ b/src/gun_cookies.erl @@ -12,7 +12,6 @@ %% ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF %% OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -%% @todo A test suite can be created based on https://github.com/web-platform-tests/wpt/tree/master/cookies -module(gun_cookies). -export([domain_match/2]). @@ -149,7 +148,7 @@ session_gc(Store) -> %% @todo The given URI must be normalized. -spec set_cookie(Store, uri_string:uri_map(), binary(), binary(), cow_cookie:cookie_opts()) -> {ok, Store} | {error, any()} when Store::store(). -set_cookie(Store, URI, Name, Value, Attrs) -> +set_cookie(Store, URI=#{host := Host}, Name, Value, Attrs) -> %% @todo This is where we would add a feature to block cookies (like a blacklist). CurrentTime = erlang:universaltime(), Cookie0 = #{ @@ -175,17 +174,25 @@ set_cookie(Store, URI, Name, Value, Attrs) -> expiry_time => infinity } end, - Domain = maps:get(domain, Attrs, <<>>), - %% @todo This is where we would reject public suffixes. https://publicsuffix.org/ + Domain0 = maps:get(domain, Attrs, <<>>), + Domain = case gun_public_suffix:match(Domain0) of + false -> + Domain0; + true when Host =:= Domain0 -> + <<>>; + true -> + {error, domain_is_public_suffix} + end, case Domain of <<>> -> set_cookie(Store, URI, Attrs, Cookie#{ host_only => true, - domain => maps:get(host, URI) + domain => Host }); + Error = {error, _} -> + Error; _ -> - %% @todo Domain must already be canonicalized here. - case domain_match(maps:get(host, URI), Domain) of + case domain_match(Host, Domain) of true -> set_cookie(Store, URI, Attrs, Cookie#{ host_only => false, @@ -270,7 +277,6 @@ set_cookie3(Store, Attrs, Cookie=#{name := Name, set_cookie_store(Store, Cookie) end. -%% @todo Cookies with an expiry_time in the past result in the cookie getting deleted. set_cookie_store(Store0, Cookie) -> Match = maps:with([name, domain, host_only, path], Cookie), case set_cookie_take_exact_match(Store0, Match) of @@ -365,7 +371,6 @@ wpt_http_state_test_() -> "test/wpt/cookies/chromium0012-test", %% Doesn't match the spec (empty names). "test/wpt/cookies/disabled-chromium0020-test", %% Doesn't match the spec (empty names). "test/wpt/cookies/disabled-chromium0022-test", %% Nonsense. - "test/wpt/cookies/domain0017-test", %% This requires rejecting public suffixes. "test/wpt/cookies/mozilla0012-test", %% Doesn't match the spec (empty names). "test/wpt/cookies/mozilla0014-test", %% Doesn't match the spec (empty names). "test/wpt/cookies/mozilla0015-test", %% Doesn't match the spec (empty names). |