Set-Cookie not respected for ngrok.io subdomain
Reported by
dan...@rundexter.com,
Sep 18 2017
|
||||
Issue description
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Steps to reproduce the problem:
1. Create a simple web-server that sets a cookie -- nodejs reference below:
```
var http = require('http');
http.createServer(function (request, response) {
// To Write a Cookie
response.writeHead(200, {
'Set-Cookie': 'mycookie=test; domain=ngrok.io',
'Content-Type': 'text/plain'
});
response.end('Hello World\n');
}).listen(8124, console.log.bind(console, 'server started'));
```
2. Launch an ngrok tunnel to :8124, visit that tunnel
3. Note in page info or devtools > app storage that the cookie is not set. Also note, that if you set the cookie for the fully qualified domain it works. Finally, if you use a different domain, everything works as well.
What is the expected behavior?
Chrome should honor set-cookie for ngrok.io subdomains.
What went wrong?
The browser does not store the cookie for any ngrok subdomain if the cookie domain is set to ngrok.io.
Did this work before? No
Does this work in other browsers? Yes
Chrome version: 60.0.3112.113 Channel: n/a
OS Version: OS X 10.12.5
Flash Version:
No
,
Sep 19 2017
,
Sep 19 2017
ngrok.io is in effective_tld_names.dat, registered by "Alan Shreve". That means it's treated like a TLD (com, co.uk, etc), and subdomains are treated as completely separate domains, so can't share cookies. If its presence in this list is a mistake, you need to have it removed from Mozilla's list. They're the maintainers of the list, we just pull it from them.
,
Sep 19 2017
|
||||
►
Sign in to add a comment |
||||
Comment 1 by manoranj...@chromium.org
, Sep 18 2017