electron · codebytere · Mar 16, 2023 · Mar 16, 2023
diff --git a/shell/browser/api/electron_api_cookies.cc b/shell/browser/api/electron_api_cookies.cc
@@ -177,7 +177,7 @@ std::string InclusionStatusToString(net::CookieInclusionStatus status) {
     return "Failed to parse cookie";
   if (status.HasExclusionReason(
           net::CookieInclusionStatus::EXCLUDE_INVALID_DOMAIN))
-    return "Failed to get cookie domain";
+    return "Failed to set cookie with an invalid domain attribute";
   if (status.HasExclusionReason(
           net::CookieInclusionStatus::EXCLUDE_INVALID_PREFIX))
     return "Failed because the cookie violated prefix rules.";
@@ -315,19 +315,24 @@ v8::Local<v8::Promise> Cookies::Set(v8::Isolate* isolate,
     return handle;
   }
 
+  net::CookieInclusionStatus status;
   auto canonical_cookie = net::CanonicalCookie::CreateSanitizedCookie(
       url, name ? *name : "", value ? *value : "", domain ? *domain : "",
       path ? *path : "", ParseTimeProperty(details.FindDouble("creationDate")),
       ParseTimeProperty(details.FindDouble("expirationDate")),
       ParseTimeProperty(details.FindDouble("lastAccessDate")), secure,
       http_only, same_site, net::COOKIE_PRIORITY_DEFAULT, same_party,
-      absl::nullopt);
+      absl::nullopt, &status);
+
   if (!canonical_cookie || !canonical_cookie->IsCanonical()) {
-    promise.RejectWithErrorMessage(
-        InclusionStatusToString(net::CookieInclusionStatus(
-            net::CookieInclusionStatus::EXCLUDE_FAILURE_TO_STORE)));
+    promise.RejectWithErrorMessage(InclusionStatusToString(
+        !status.IsInclude()
+            ? status
+            : net::CookieInclusionStatus(
+                  net::CookieInclusionStatus::EXCLUDE_FAILURE_TO_STORE)));
     return handle;
   }
+
   net::CookieOptions options;
   if (http_only) {
     options.set_include_httponly();

diff --git a/spec/api-net-spec.ts b/spec/api-net-spec.ts
@@ -833,6 +833,16 @@ describe('net module', () => {
       expect(cookies[0].name).to.equal('cookie2');
     });
 
+    it('throws when an invalid domain is passed', async () => {
+      const sess = session.fromPartition(`cookie-tests-${Math.random()}`);
+
+      await expect(sess.cookies.set({
+        url: 'https://electronjs.org',
+        domain: 'wssss.iamabaddomain.fun',
+        name: 'cookie1'
+      })).to.eventually.be.rejectedWith(/Failed to set cookie with an invalid domain attribute/);
+    });
+
     it('should be able correctly filter out cookies that are session', async () => {
       const sess = session.fromPartition(`cookie-tests-${Math.random()}`);
 

diff --git a/spec/api-session-spec.ts b/spec/api-session-spec.ts
@@ -129,7 +129,7 @@ describe('session module', () => {
 
       await expect(
         cookies.set({ url: '', name, value })
-      ).to.eventually.be.rejectedWith('Failed to get cookie domain');
+      ).to.eventually.be.rejectedWith('Failed to set cookie with an invalid domain attribute');
     });
 
     it('yields an error when setting a cookie with an invalid URL', async () => {
@@ -139,7 +139,7 @@ describe('session module', () => {
 
       await expect(
         cookies.set({ url: 'asdf', name, value })
-      ).to.eventually.be.rejectedWith('Failed to get cookie domain');
+      ).to.eventually.be.rejectedWith('Failed to set cookie with an invalid domain attribute');
     });
 
     it('should overwrite previous cookies', async () => {