From 61edf2025fd5ac4c9d4b928093038da4bc26fb9d Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Sun, 12 Nov 2023 21:10:34 +0000
Subject: [PATCH] [PR #7821/366ba40f backport][3.9] Only check origin if insecure scheme and there are origins to treat as secure, in CookieJar.filter_cookies() (#7825)
**This is a backport of PR #7821 as merged into master (366ba40f737b811e6ac2e63bb40c347fa4fafcef).**
Co-authored-by: Rongrong
---
 CHANGES/7821.feature | 1 +
 aiohttp/cookiejar.py | 13 ++++++-------
 2 files changed, 7 insertions(+), 7 deletions(-)
 create mode 100644 CHANGES/7821.feature
diff --git a/CHANGES/7821.feature b/CHANGES/7821.feature
new file mode 100644
index 00000000000..3413224f859
--- /dev/null
+++ b/CHANGES/7821.feature
@@ -0,0 +1 @@
+Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
diff --git a/aiohttp/cookiejar.py b/aiohttp/cookiejar.py
index 4fc3ec97e1f..372a0e7b723 100644
--- a/aiohttp/cookiejar.py
+++ b/aiohttp/cookiejar.py
@@ -248,14 +248,13 @@ def filter_cookies(
 return filtered
 request_url = URL(request_url)
 hostname = request_url.raw_host or ""
- request_origin = URL()
- with contextlib.suppress(ValueError):
- request_origin = request_url.origin()
- is_not_secure = (
- request_url.scheme not in ("https", "wss")
- and request_origin not in self._treat_as_secure_origin
- )
+ is_not_secure = request_url.scheme not in ("https", "wss")
+ if is_not_secure and self._treat_as_secure_origin:
+ request_origin = URL()
+ with contextlib.suppress(ValueError):
+ request_origin = request_url.origin()
+ is_not_secure = request_origin not in self._treat_as_secure_origin
 # Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
 for cookie in sorted(self, key=lambda c: len(c["path"])):
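Review bot: The fail-closed behaviour inside the new `if is_not_secure and self._treat_as_secure_origin:` branch is implicit and deserves a comment. When `request_url.origin()` raises `ValueError`, `request_origin` stays the empty `URL()`, and the request is classed as insecure only because that sentinel is presumably never a member of `_treat_as_secure_origin`. Since `is_not_secure` appears to decide whether Secure-flagged cookies are withheld further down (filter_cookies starts and ends outside this hunk), I would add `# Fail closed: if origin() raises, the empty URL() is not an allow-listed origin, so the request stays insecure.` above `request_origin = URL()`. The patch touches only the changelog and cookiejar.py, so a test pinning a plain-http request with an empty `_treat_as_secure_origin`, and one with a URL whose origin cannot be computed, would keep the shortcut from regressing.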