HTTPCookie: parse domain according to RFC

Foundation/HTTPCookie.swift

@@ -70,7 +70,7 @@ extension HTTPCookiePropertyKey {
 }
 
 internal extension HTTPCookiePropertyKey {
-    internal static let httpOnly = HTTPCookiePropertyKey(rawValue: "HttpOnly")
+    static let httpOnly = HTTPCookiePropertyKey(rawValue: "HttpOnly")
 
     static private let _setCookieAttributes: [String: HTTPCookiePropertyKey] = {
         // Only some attributes are valid in the Set-Cookie header.
@@ -570,10 +570,22 @@ open class HTTPCookie : NSObject {
             }
         }
 
-        // If domain wasn't provided, extract it from the URL
-        if properties[.domain] == nil {
+        if let domain = properties[.domain] as? String {
+            // The provided domain string has to be prepended with a dot,
+            // because the domain field indicates that it can be sent
+            // subdomains of the domain (but only if it is not an IP address).
+            if (!domain.hasPrefix(".") && !isIPv4Address(domain)) {
+                properties[.domain] = ".\(domain)"
+            }
+        } else {
+            // If domain wasn't provided, extract it from the URL. No dots in
+            // this case, only exact matching.
             properties[.domain] = url.host
         }
+        // Always lowercase the domain.
+        if let domain = properties[.domain] as? String {
+            properties[.domain] = domain.lowercased()
+        }
 
         // the default Path is "/"
         if let path = properties[.path] as? String, path.first == "/" {
@@ -606,6 +618,11 @@ open class HTTPCookie : NSObject {
         return (name, value)
     }
 
+    private class func isIPv4Address(_ string: String) -> Bool {
+        var x = in_addr()
+        return inet_pton(AF_INET, string, &x) == 1
+    }
+
     /// Returns a dictionary representation of the receiver.
     ///
     /// This method returns a dictionary representation of the

TestFoundation/TestHTTPCookie.swift

@@ -12,6 +12,7 @@ class TestHTTPCookie: XCTestCase {
     static var allTests: [(String, (TestHTTPCookie) -> () throws -> Void)] {
         return [
             ("test_BasicConstruction", test_BasicConstruction),
+            ("test_cookieDomainCanonicalization", test_cookieDomainCanonicalization),
             ("test_RequestHeaderFields", test_RequestHeaderFields),
             ("test_cookiesWithResponseHeader1cookie", test_cookiesWithResponseHeader1cookie),
             ("test_cookiesWithResponseHeader0cookies", test_cookiesWithResponseHeader0cookies),
@@ -303,6 +304,53 @@ class TestHTTPCookie: XCTestCase {
         }
     }
 
+    func test_cookieDomainCanonicalization() throws {
+        do {
+            let headers = [
+                "Set-Cookie": "PREF=a=b; expires=\(formattedCookieTime(sinceNow: 100))); path=/; domain=eXample.com"
+            ]
+            let cookies = HTTPCookie.cookies(withResponseHeaderFields: headers, for: try URL(string: "http://eXample.com").unwrapped())
+            XCTAssertEqual(cookies.count, 1)
+            XCTAssertEqual(cookies.first?.domain, ".example.com")
+        }
+
+        do {
+            let headers = [
+                "Set-Cookie": "PREF=a=b; expires=\(formattedCookieTime(sinceNow: 100))); path=/; domain=.eXample.com"
+            ]
+            let cookies = HTTPCookie.cookies(withResponseHeaderFields: headers, for: try URL(string: "http://eXample.com").unwrapped())
+            XCTAssertEqual(cookies.count, 1)
+            XCTAssertEqual(cookies.first?.domain, ".example.com")
+        }
+
+        do {
+            let headers = [
+                "Set-Cookie": "PREF=a=b; expires=\(formattedCookieTime(sinceNow: 100))); path=/; domain=a.eXample.com"
+            ]
+            let cookies = HTTPCookie.cookies(withResponseHeaderFields: headers, for: try URL(string: "http://a.eXample.com").unwrapped())
+            XCTAssertEqual(cookies.count, 1)
+            XCTAssertEqual(cookies.first?.domain, ".a.example.com")
+        }
+
+        do {
+            let headers = [
+                "Set-Cookie": "PREF=a=b; expires=\(formattedCookieTime(sinceNow: 100))); path=/"
+            ]
+            let cookies = HTTPCookie.cookies(withResponseHeaderFields: headers, for: try URL(string: "http://a.eXample.com").unwrapped())
+            XCTAssertEqual(cookies.count, 1)
+            XCTAssertEqual(cookies.first?.domain, "a.example.com")
+        }
+
+        do {
+            let headers = [
+                "Set-Cookie": "PREF=a=b; expires=\(formattedCookieTime(sinceNow: 100))); path=/; domain=1.2.3.4"
+            ]
+            let cookies = HTTPCookie.cookies(withResponseHeaderFields: headers, for: try URL(string: "http://eXample.com").unwrapped())
+            XCTAssertEqual(cookies.count, 1)
+            XCTAssertEqual(cookies.first?.domain, "1.2.3.4")
+        }
+    }
+
     func test_cookieExpiresDateFormats() {
         let testDate = Date(timeIntervalSince1970: 1577881800)
         let cookieString =
@@ -320,7 +368,7 @@ class TestHTTPCookie: XCTestCase {
         XCTAssertEqual(cookies.count, 3)
         cookies.forEach { cookie in
             XCTAssertEqual(cookie.expiresDate, testDate)
-            XCTAssertEqual(cookie.domain, "swift.org")
+            XCTAssertEqual(cookie.domain, ".swift.org")
             XCTAssertEqual(cookie.path, "/")
         }
     }
@@ -333,4 +381,11 @@ class TestHTTPCookie: XCTestCase {
             XCTFail("Unable to create cookie with substring")
         }
     }
+
+    private func formattedCookieTime(sinceNow seconds: TimeInterval) -> String {
+        let f = DateFormatter()
+        f.timeZone = TimeZone(abbreviation: "GMT")
+        f.dateFormat = "EEEE',' dd'-'MMM'-'yy HH':'mm':'ss z"
+        return f.string(from: Date(timeIntervalSinceNow: seconds))
+    }
 }