Skip to content

Commit

Permalink
Only check origin if insecure scheme and there are origins to treat a…
Browse files Browse the repository at this point in the history 
…s secure, in CookieJar.filter_cookies() (#7821)

(cherry picked from commit 366ba40)
  • Loading branch information
@Rongronggg9 @patchback
Rongronggg9 authored and patchback[bot] committed Nov 12, 2023
1 parent 9d498ca commit d108e6f
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
1 change: 1 addition & 0 deletions CHANGES/7821.feature
View file
@@ -0,0 +1 @@
Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
13 changes: 6 additions & 7 deletions aiohttp/cookiejar.py
View file
Expand Up @@ -248,14 +248,13 @@ def filter_cookies(
return filtered
request_url = URL(request_url)
hostname = request_url.raw_host or ""
request_origin = URL()
with contextlib.suppress(ValueError):
request_origin = request_url.origin()

is_not_secure = (
request_url.scheme not in ("https", "wss")
and request_origin not in self._treat_as_secure_origin
)
is_not_secure = request_url.scheme not in ("https", "wss")
if is_not_secure and self._treat_as_secure_origin:
request_origin = URL()
with contextlib.suppress(ValueError):
request_origin = request_url.origin()
is_not_secure = request_origin not in self._treat_as_secure_origin

# Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
for cookie in sorted(self, key=lambda c: len(c["path"])):
Expand Down

0 comments on commit d108e6f

Please sign in to comment.