From 6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e Mon Sep 17 00:00:00 2001 From: Blake Embrey Date: Thu, 3 Oct 2024 11:12:24 -0700 Subject: [PATCH] Allow leading dot for domain (#174) --- index.js | 8 +++++++- test/serialize.js | 4 +++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/index.js b/index.js index 47aca9e..51a58cb 100644 --- a/index.js +++ b/index.js @@ -64,9 +64,15 @@ var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u00 * = any one of the 52 alphabetic characters A through Z in * upper case and a through z in lower case * = any one of the ten digits 0 through 9 + * + * Keep support for leading dot: https://github.com/jshttp/cookie/issues/173 + * + * > (Note that a leading %x2E ("."), if present, is ignored even though that + * character is not permitted, but a trailing %x2E ("."), if present, will + * cause the user agent to ignore the attribute.) */ -var domainValueRegExp = /^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i; +var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i; /** * RegExp to match path-value in RFC 6265 sec 4.1.1 diff --git a/test/serialize.js b/test/serialize.js index be84595..1ee3235 100644 --- a/test/serialize.js +++ b/test/serialize.js @@ -76,6 +76,9 @@ describe('cookie.serialize(name, value, options)', function () { var validDomains = [ 'example.com', 'sub.example.com', + '.example.com', + 'localhost', + '.localhost', 'my-site.org', 'localhost' ]; @@ -94,7 +97,6 @@ describe('cookie.serialize(name, value, options)', function () { 'sub.example.com\u0000', 'my site.org', 'domain..com', - '.example.com', 'example.com; Path=/', 'example.com /* inject a comment */' ];