Closed pavel-mikhalchuk closed 4 years ago
True, according to RFC2109 a cookie should be rejected if its request url does not domain-match the domain string. RFC6265 states that a request url domain-matches a domain string if the domain string is a suffix of the hostname of the request url.
So a cookie received from foo.bar can be set for the domain bar, but a cookie received from bar can't be set for foo.bar.
As you correctly noticed, the existing code checks it the other way around. Thanks for the fix!
Fixing the order of parameters passed to "validateHostname" method.
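The domain-match rule quoted in the comment above, and the swapped-argument defect the fix corrects, as an added example (not the project's own code; the real `validateHostname` method is not reproduced here, and the buggy variant only reconstructs the behaviour the comment describes):

```python
import ipaddress

# Added example, not the project's code. Implements the RFC 6265 section 5.1.3
# domain-match test and the cookie Domain acceptance check built on it.
# Note: RFC 6265 section 5.3 additionally rejects Domain attributes that are
# public suffixes (e.g. "com"); that check is deliberately omitted here.


def _is_ip_literal(host: str) -> bool:
    """RFC 6265 only lets host names (never IP addresses) domain-match a suffix."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(string: str, domain_string: str) -> bool:
    """Does `string` (the request host) domain-match `domain_string`?

    True when both are identical, or when `domain_string` is a suffix of `string`,
    the character just before that suffix is a '.', and `string` is a host name.
    """
    s = string.lower().rstrip(".")
    d = domain_string.lower().lstrip(".").rstrip(".")  # a leading dot is ignored per 5.2.3
    if s == d:
        return True
    return s.endswith("." + d) and not _is_ip_literal(s)


def cookie_domain_allowed(request_host: str, cookie_domain: str) -> bool:
    """Correct order: the request host must domain-match the cookie's Domain attribute."""
    return domain_match(request_host, cookie_domain)


def cookie_domain_allowed_buggy(request_host: str, cookie_domain: str) -> bool:
    """The defect the PR fixes: the same two values passed the other way around.

    Reconstructed from the description only; accepts bar -> foo.bar and rejects
    foo.bar -> bar, i.e. exactly the inverse of what the RFCs require.
    """
    return domain_match(cookie_domain, request_host)


if __name__ == "__main__":
    for host, dom in [("foo.bar", "bar"), ("bar", "foo.bar")]:
        print(host, "->", dom, "correct:", cookie_domain_allowed(host, dom),
              "buggy:", cookie_domain_allowed_buggy(host, dom))
```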