From d108e6fe19a3949d1d3f5c9cb2e987ec851e106a Mon Sep 17 00:00:00 2001
From: Rongrong
Date: Mon, 13 Nov 2023 03:46:52 +0800
Subject: [PATCH] Only check origin if insecure scheme and there are origins to treat as secure, in CookieJar.filter_cookies() (#7821)
(cherry picked from commit 366ba40f737b811e6ac2e63bb40c347fa4fafcef)
---
 CHANGES/7821.feature | 1 +
 aiohttp/cookiejar.py | 13 ++++++-------
 2 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 CHANGES/7821.feature
diff --git a/CHANGES/7821.feature b/CHANGES/7821.feature
new file mode 100644
index 00000000000..3413224f859
--- /dev/null
+++ b/CHANGES/7821.feature
@@ -0,0 +1 @@
+Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
diff --git a/aiohttp/cookiejar.py b/aiohttp/cookiejar.py
index 4fc3ec97e1f..372a0e7b723 100644
--- a/aiohttp/cookiejar.py
+++ b/aiohttp/cookiejar.py
@@ -248,14 +248,13 @@ def filter_cookies(
 return filtered
 request_url = URL(request_url)
 hostname = request_url.raw_host or ""
- request_origin = URL()
- with contextlib.suppress(ValueError):
- request_origin = request_url.origin()
- is_not_secure = (
- request_url.scheme not in ("https", "wss")
- and request_origin not in self._treat_as_secure_origin
- )
+ is_not_secure = request_url.scheme not in ("https", "wss")
+ if is_not_secure and self._treat_as_secure_origin:
+ request_origin = URL()
+ with contextlib.suppress(ValueError):
+ request_origin = request_url.origin()
+ is_not_secure = request_origin not in self._treat_as_secure_origin
 # Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
 for cookie in sorted(self, key=lambda c: len(c["path"])):
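Review bot: The two-step assignment to `is_not_secure` in `filter_cookies()` needs a comment, because the flag is a security decision and its fail-closed path is only implicit: when `request_url.origin()` raises `ValueError`, `request_origin` stays the empty `URL()`, so the request remains non-secure unless that empty URL is itself in `_treat_as_secure_origin`. I would add above the `if`: `# Plain-text scheme: secure only when the origin is explicitly allow-listed; an origin that cannot be derived stays insecure.` The diffstat lists no test file, so it is worth confirming that existing tests exercise an `http` URL with both an empty and a non-empty `treat_as_secure_origin`. The function body starts and ends outside the hunk, so how `is_not_secure` is consumed (presumably to withhold `Secure` cookies) is not visible here.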