I use superagent.agent() to run several requests. The cookies from set-cookies are sent to all domains without checking if the domain is the one that the set-cookie returned from.
Actual behavior
I send a request to httpbin.org that returns a header with set-cookie and then send a request to google.com and the cookie from httpbin is sent to google as well
Describe the bug
I use
superagent.agent()
to run several requests. The cookies fromset-cookies
are sent to all domains without checking if the domain is the one that theset-cookie
returned from.Actual behavior
I send a request to
httpbin.org
that returns a header withset-cookie
and then send a request togoogle.com
and the cookie fromhttpbin
is sent togoogle
as wellExpected behavior
The cookie of google request should be empty
Code to reproduce
This pull request solves that issue: https://github.com/ladjs/superagent/pull/1757
Checklist