acceptCookieDomain enforces RFC 6265 response-domain acceptance. Trailing-dot, exact-match public-suffix, and exact-match IP-literal Domain attributes are downgraded to host-only so same-host behavior is preserved without storing cookies under shared suffixes or allowing IP suffix matching across un
(host, domain string)
| 464 | // cookies under shared suffixes or allowing IP suffix matching across |
| 465 | // unrelated hosts. |
| 466 | func acceptCookieDomain(host, domain string) cookieDomainAcceptance { |
| 467 | if strings.HasSuffix(domain, ".") { |
| 468 | return cookieDomainAcceptance{domain: host, isHostOnly: true, isOk: true} |
| 469 | } |
| 470 | |
| 471 | if host == domain { |
| 472 | if isIPLiteral(domain) || isPublicSuffixDomain(domain) { |
| 473 | return cookieDomainAcceptance{domain: host, isHostOnly: true, isOk: true} |
| 474 | } |
| 475 | return cookieDomainAcceptance{domain: domain, isOk: true} |
| 476 | } |
| 477 | |
| 478 | if isIPLiteral(host) || isIPLiteral(domain) || isPublicSuffixDomain(domain) || !domainMatch(host, domain) { |
| 479 | return cookieDomainAcceptance{} |
| 480 | } |
| 481 | |
| 482 | return cookieDomainAcceptance{domain: domain, isOk: true} |
| 483 | } |
| 484 | |
| 485 | func isIPLiteral(host string) bool { |
| 486 | if len(host) >= 2 && host[0] == '[' && host[len(host)-1] == ']' { |
no test coverage detected