[issue46075] CookieJar.extract_cookies doesn't process cookies form local domains when domain is explicitly set in header
Nick
report at bugs.python.org
Tue Dec 14 16:08:16 EST 2021
New submission from Nick <keddad at yandex.ru>:
Apparently, CookieJar.extract_cookies doesn't process cookies form local domains which explicitly set domain in Set-Cookie header. That means that headers with domain specified, like "Set-Cookie: foo=baz; Domain=localhost;", are ignored. As far as I can tell, this might be actually part of the standard: https://stackoverflow.com/questions/1134290/cookies-on-localhost-with-explicit-domain/32210291#32210291 . However, it looks like other HTTP clients, including modern versions of both Chrome and Firefox do accept cookies from localhost with explicit domain=localhost, and this change doesn't appear to break existing software in any way. (simple POC to test behavior in browsers: https://gist.github.com/keddad/e2ce034f68b77e59077cdb1e887fa4a1). Maybe it would be best to also allow this behavior in Python?
----------
components: Library (Lib)
messages: 408564
nosy: keddad
priority: normal
severity: normal
status: open
title: CookieJar.extract_cookies doesn't process cookies form local domains when domain is explicitly set in header
type: behavior
versions: Python 3.10, Python 3.11
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue46075>
_______________________________________
More information about the Python-bugs-list
mailing list