aio-libs · Dreamsorcerer · Nov 12, 2023 · Nov 12, 2023 · Nov 12, 2023
@@ -0,0 +1 @@
+Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
@@ -253,14 +253,15 @@
             # Skip rest of function if no non-expired cookies.
             return filtered
         hostname = request_url.raw_host or ""
-        request_origin = URL()
-        with contextlib.suppress(ValueError):
-            request_origin = request_url.origin()
 
-        is_not_secure = (
-            request_url.scheme not in ("https", "wss")
-            and request_origin not in self._treat_as_secure_origin
-        )
+        is_not_secure = request_url.scheme not in ("https", "wss")
+        if is_not_secure and self._treat_as_secure_origin:
+            # Only check origin if insecure scheme and there are origins to
+            # treat as secure.
+            request_origin = URL()
+            with contextlib.suppress(ValueError):
+                request_origin = request_url.origin()
+            is_not_secure = request_origin not in self._treat_as_secure_origin
 
         # Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
         for cookie in sorted(self, key=lambda c: len(c["path"])):