brainopia · December 9, 2010 16:15
diff --git a/gistfile1.diff b/gistfile1.diff
 From 4fe9191b7898384503fd40f35ee4f9d107cbea83 Mon Sep 17 00:00:00 2001
 From: brainopia <[email protected]>
 Date: Thu, 9 Dec 2010 18:38:52 +0300
 Subject: Fix edge cases for domain :all option on cookie store

 Dont set explicit domain for cookies if host is not a domain name
 ---
 .../lib/action_dispatch/middleware/cookies.rb      |    7 ++++-
 actionpack/test/dispatch/cookies_test.rb           |   21 ++++++++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

 diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
 index b0a4e3d..f369d2d 100644
 --- a/actionpack/lib/action_dispatch/middleware/cookies.rb
 +++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
 @@ -131,8 +131,11 @@ module ActionDispatch
         options[:path] ||= "/"
 
         if options[:domain] == :all
 -          @host =~ DOMAIN_REGEXP
 -          options[:domain] = ".#{$1}.#{$2}"
 +          # if host is not ip and matches domain regexp
 +          # (ip confirms to domain regexp so we explicitly check for ip)
 +          options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ DOMAIN_REGEXP)
 +            ".#{$1}.#{$2}"
 +          end
         end
       end
 
 diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
 index 5ec7f12..e204040 100644
 --- a/actionpack/test/dispatch/cookies_test.rb
 +++ b/actionpack/test/dispatch/cookies_test.rb
 @@ -295,6 +295,27 @@ class CookiesTest < ActionController::TestCase
     assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
   end
 
 +  def test_cookie_with_all_domain_option_using_localhost
 +    @request.host = "localhost"
 +    get :set_cookie_with_domain
 +    assert_response :success
 +    assert_cookie_header "user_name=rizwanreza; path=/"
 +  end
 +
 +  def test_cookie_with_all_domain_option_using_ipv4_address
 +    @request.host = "192.168.1.1"
 +    get :set_cookie_with_domain
 +    assert_response :success
 +    assert_cookie_header "user_name=rizwanreza; path=/"
 +  end
 +
 +  def test_cookie_with_all_domain_option_using_ipv6_address
 +    @request.host = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
 +    get :set_cookie_with_domain
 +    assert_response :success
 +    assert_cookie_header "user_name=rizwanreza; path=/"
 +  end
 +
   def test_deleting_cookie_with_all_domain_option
     get :delete_cookie_with_domain
     assert_response :success
 -- 
 1.7.2.1
	From 4fe9191b7898384503fd40f35ee4f9d107cbea83 Mon Sep 17 00:00:00 2001
	From: brainopia <[email protected]>
	Date: Thu, 9 Dec 2010 18:38:52 +0300
	Subject: Fix edge cases for domain :all option on cookie store

	Dont set explicit domain for cookies if host is not a domain name
	---
	.../lib/action_dispatch/middleware/cookies.rb \| 7 ++++-
	actionpack/test/dispatch/cookies_test.rb \| 21 ++++++++++++++++++++
	2 files changed, 26 insertions(+), 2 deletions(-)

	diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
	index b0a4e3d..f369d2d 100644
	--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
	+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
	@@ -131,8 +131,11 @@ module ActionDispatch
	options[:path] \|\|= "/"

	if options[:domain] == :all
	- @host =~ DOMAIN_REGEXP
	- options[:domain] = ".#{$1}.#{$2}"
	+ # if host is not ip and matches domain regexp
	+ # (ip confirms to domain regexp so we explicitly check for ip)
	+ options[:domain] = if (@host !~ /^[\d.]+$/) && (@host =~ DOMAIN_REGEXP)
	+ ".#{$1}.#{$2}"
	+ end
	end
	end

	diff --git a/actionpack/test/dispatch/cookies_test.rb b/actionpack/test/dispatch/cookies_test.rb
	index 5ec7f12..e204040 100644
	--- a/actionpack/test/dispatch/cookies_test.rb
	+++ b/actionpack/test/dispatch/cookies_test.rb
	@@ -295,6 +295,27 @@ class CookiesTest < ActionController::TestCase
	assert_cookie_header "user_name=rizwanreza; domain=.nextangle.local; path=/"
	end

	+ def test_cookie_with_all_domain_option_using_localhost
	+ @request.host = "localhost"
	+ get :set_cookie_with_domain
	+ assert_response :success
	+ assert_cookie_header "user_name=rizwanreza; path=/"
	+ end
	+
	+ def test_cookie_with_all_domain_option_using_ipv4_address
	+ @request.host = "192.168.1.1"
	+ get :set_cookie_with_domain
	+ assert_response :success
	+ assert_cookie_header "user_name=rizwanreza; path=/"
	+ end
	+
	+ def test_cookie_with_all_domain_option_using_ipv6_address
	+ @request.host = "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
	+ get :set_cookie_with_domain
	+ assert_response :success
	+ assert_cookie_header "user_name=rizwanreza; path=/"
	+ end
	+
	def test_deleting_cookie_with_all_domain_option
	get :delete_cookie_with_domain
	assert_response :success
	--
	1.7.2.1