Skip to content

Commit

Permalink
Only check origin if insecure scheme and there are origins to treat a…
Browse files Browse the repository at this point in the history
…s secure, in CookieJar.filter_cookies() (#7821)
  • Loading branch information
Rongronggg9 authored Nov 12, 2023
1 parent cf3e139 commit 366ba40
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
1 change: 1 addition & 0 deletions CHANGES/7821.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
13 changes: 6 additions & 7 deletions aiohttp/cookiejar.py
Original file line number Diff line number Diff line change
Expand Up @@ -253,14 +253,13 @@ def filter_cookies(
# Skip rest of function if no non-expired cookies.
return filtered
hostname = request_url.raw_host or ""
request_origin = URL()
with contextlib.suppress(ValueError):
request_origin = request_url.origin()

is_not_secure = (
request_url.scheme not in ("https", "wss")
and request_origin not in self._treat_as_secure_origin
)
is_not_secure = request_url.scheme not in ("https", "wss")
if is_not_secure and self._treat_as_secure_origin:
request_origin = URL()
with contextlib.suppress(ValueError):
request_origin = request_url.origin()
is_not_secure = request_origin not in self._treat_as_secure_origin

# Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
for cookie in sorted(self, key=lambda c: len(c["path"])):
Expand Down

0 comments on commit 366ba40

Please sign in to comment.