New issue
Advanced search Search tips

Issue 766219 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Sep 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

Set-Cookie not respected for ngrok.io subdomain

Reported by dan...@rundexter.com, Sep 18 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36

Steps to reproduce the problem:
1. Create a simple web-server that sets a cookie -- nodejs reference below:

```
var http = require('http');

http.createServer(function (request, response) {
  // To Write a Cookie
  response.writeHead(200, {
    'Set-Cookie': 'mycookie=test; domain=ngrok.io',
    'Content-Type': 'text/plain'
  });
  response.end('Hello World\n');
}).listen(8124, console.log.bind(console, 'server started'));
```

2. Launch an ngrok tunnel to :8124, visit that tunnel
3. Note in page info or devtools > app storage that the cookie is not set. Also note, that if you set the cookie for the fully qualified domain it works. Finally, if you use a different domain, everything works as well.

What is the expected behavior?
Chrome should honor set-cookie for ngrok.io subdomains. 

What went wrong?
The browser does not store the cookie for any ngrok subdomain if the cookie domain is set to ngrok.io.

Did this work before? No 

Does this work in other browsers? Yes

Chrome version: 60.0.3112.113  Channel: n/a
OS Version: OS X 10.12.5
Flash Version: 

No
 
Labels: Needs-Triage-M61
Components: Internals>Network>Cookies

Comment 3 by mmenke@chromium.org, Sep 19 2017

Cc: rsleevi@chromium.org
ngrok.io is in effective_tld_names.dat, registered by "Alan Shreve".  That means it's treated like a TLD (com, co.uk, etc), and subdomains are treated as completely separate domains, so can't share cookies.  If its presence in this list is a mistake, you need to have it removed from Mozilla's list.  They're the maintainers of the list, we just pull it from them.

Comment 4 by mmenke@chromium.org, Sep 19 2017

Status: WontFix (was: Unconfirmed)

Sign in to add a comment