Comments (7)
FlorianRappl
commented on September 27, 2024
OK we need a spec to back this up. Can you point to a spec where this is written?
excluding a leading "www." or "."
I can already guarantee you that "www." should not be excluded. It's a subdomain like any other. Regarding the "." I'd like to see a spec that defines such edge cases and how they should be handled. I think this might be a case for some normalization, but I need some spec confirmation.
from anglesharp.io.
TonyDev314
commented on September 27, 2024
I believe that the leading . means that the cookie should be included in
all subdomains
The "." was deemed no longer necessary in this spec:
https://www.rfc-editor.org/rfc/rfc6265#section-4.1.2.3
But then the issue is that mywebsite.com cookies are not being included in
requests to www.mywebsite.com
Perhaps the change needs to be in the matching algorithm and instead of
looking for an absolute match, checking to see if the cookie domain forms
part of the URL domain?
…On Wed, 28 Feb 2024 at 23:36, Florian Rappl ***@***.***> wrote:
OK we need a spec to back this up. Can you point to a spec where this is
written?
excluding a leading "www." or "."
I can already guarantee you that "www." should not be excluded. It's a
subdomain like any other. Regarding the "." I'd like to see a spec that
defines such edge cases and how they should be handled. I think this might
be a case for some normalization, but I need some spec confirmation.
—
Reply to this email directly, view it on GitHub
<#36 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACSKIUQFWICFE5OGB7ARFH3YVZUW5AVCNFSM6AAAAABD65UP3OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSNZQGA4TKOJXG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
from anglesharp.io.
FlorianRappl
commented on September 27, 2024
Perhaps the change needs to be in the matching algorithm and instead of
looking for an absolute match, checking to see if the cookie domain forms
part of the URL domain?
I'd not change the matching algorithm - I'd rather normalize what we see in the domain field. From the RFC it seems that the leading dot is the change necessary, otherwise all algorithms can continue to work as-is. So if we normalize this input from the domain field (only chance a leading dot appears) then we should be fine.
from anglesharp.io.
TonyDev314
commented on September 27, 2024
Surely you have to change the matching algorithm though.
At present the match must be exact between the URL domain and the cookie
domain. So whether or not a leading dot is included, the cookie is excluded.
For me a change from cookie.Domain.Is(domain)
to domain.EndsWith(cookie.Domain, StringComparison.OrdinalIgnoreCase) in
both FindCookie and FindCookies
makes the behaviour as expected.
from anglesharp.io.
FlorianRappl
commented on September 27, 2024
Surely you have to change the matching algorithm though. At present the match must be exact between the URL domain and the cookie domain. So whether or not a leading dot is included, the cookie is excluded.
No - as I wrote; if we normalize the input then the matching algorithm does not need to be changed. There will never be a dot in front of a domain.
For me a change from cookie.Domain.Is(domain) to domain.EndsWith(cookie.Domain, StringComparison.OrdinalIgnoreCase) in
both FindCookie and FindCookies makes the behaviour as expected.
This will not work in general. Yes, of course it works in your case - but then you could also just "return true". Because if domain is "www.foobar.com" it would also match a cookie.Domain of "bar.com", but it should only match "foobar.com".
from anglesharp.io.
TonyDev314
commented on September 27, 2024
It works if you include the "." in the cookie retained.
That requires further change
Need to store a cookie ".mywebsite.com" such that it matches requests to www.mywebsite.com AND www.foo.mywebsite.com etc.
But as you point out, it should NOT match www.thisismywebsite.com.
There's no way around that without altering the matching algorithm.
from anglesharp.io.
FlorianRappl
commented on September 27, 2024
There's no way around that without altering the matching algorithm.
I agree that the matching algorithm in general needs to be changed, but not due to the dot. The dot has to be taken care of in an input normalization. We'll remove the leading dot and handle all those cases in the matching algorithm.
If you'd retain the dot you'd always need to take care of it in the matching algorithm, which does not make much sense. You can already remove it beforehand and drop that case immediately. Matching will be done more often than setting / writing - so normalizing the input makes sense also from a performance POV. It's just unnecessary work to retain the dot.
As the spec said - "foo.com" and ".foo.com" should behave the same. So let's normalize ".foo.com" to be "foo.com".
from anglesharp.io.
Related Issues (20)
- Add FTP requester
- Add File requester
- .NET Core build HOT 1
- About scheme
- Documentation HOT 1
- Introduce improved cookie container HOT 1
- IRequester example HOT 3
- HttpClientRequester does not use HttpClientHandler.AllowAutoRedirect HOT 2
- Binary data restore when opening an image url HOT 3
- Support .net standard 1.3 and .net46 HOT 3
- A connection attempt failed HOT 3
- Unhandle exception crash the application HOT 2
- How to use both Proxy and Headers in AngleSharp.Io HOT 1
- Missing AngleSharp.Io.Network namespace in 0.16.0 nuget package HOT 2
- Creating a form resulting infinite document awaiting from https page HOT 6
- Request for Support / Sponsorship
- Implement WebSocket interface HOT 1
- TypeLoadException when using AngleSharp.Io with AngleSharp 0.9.4 HOT 6
- Portable AngleSharp.Io? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from anglesharp.io.