Only check origin if insecure scheme and there are origins to treat a…

…s secure, in CookieJar.filter_cookies() (#7821)
aio-libs · Nov 12, 2023 · 366ba40 · 366ba40
1 parent cf3e139
commit 366ba40
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 7 deletions.
diff --git a/CHANGES/7821.feature b/CHANGES/7821.feature
@@ -0,0 +1 @@
+Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
diff --git a/aiohttp/cookiejar.py b/aiohttp/cookiejar.py
@@ -253,14 +253,13 @@ def filter_cookies(
             # Skip rest of function if no non-expired cookies.
             return filtered
         hostname = request_url.raw_host or ""
-        request_origin = URL()
-        with contextlib.suppress(ValueError):
-            request_origin = request_url.origin()
 
-        is_not_secure = (
-            request_url.scheme not in ("https", "wss")
-            and request_origin not in self._treat_as_secure_origin
-        )
+        is_not_secure = request_url.scheme not in ("https", "wss")
+        if is_not_secure and self._treat_as_secure_origin:
+            request_origin = URL()
+            with contextlib.suppress(ValueError):
+                request_origin = request_url.origin()
+            is_not_secure = request_origin not in self._treat_as_secure_origin
 
         # Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
         for cookie in sorted(self, key=lambda c: len(c["path"])):