From: "mame (Yusuke Endoh)"
Date: Mon, 28 Nov 2022 04:51:37 +0000 (UTC)
To: ruby-core@ml.ruby-lang.org
Subject: [ruby-core:111034] [Ruby master Bug#19153] Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot

Issue #19153 has been updated by mame (Yusuke Endoh).

mame (Yusuke Endoh) wrote in #note-1:
> As I wrote in https://github.com/ruby/cgi/pull/29#issuecomment-1325852303, RFC 6265 prohibits leading dot for Cookie domain. However, the old spec of Cookie (RFC 2109) required the leading dot. I think it is reasonable to allow leading dots.

Just for the record: it looks like RFC 6265 allows a leading dot. See https://github.com/ruby/cgi/pull/29#issuecomment-1328487556

----------------------------------------
Bug #19153: Since 2.7.7 CGI::Cookie raises ArgumentError when cookie domains is prefixed with a dot
https://bugs.ruby-lang.org/issues/19153#change-100287

* Author: cpinto (Celso Pinto)
* Status: Open
* Priority: Normal
* ruby -v: ruby 2.7.7p221 (2022-11-24 revision 168ec2b1e5) [arm64-darwin22]
* Backport: 2.7: UNKNOWN, 3.0: UNKNOWN, 3.1: UNKNOWN
----------------------------------------
The rspec tests of our Rails app started failing with an ArgumentError after upgrading to 2.7.7. On inspection, the issue seems to be caused by CGI::Cookie.domain=:

```
def domain=(str)
  if str and ((str = str.b).bytesize > 255 or !DOMAIN_VALUE_RE.match?(str))
    raise ArgumentError, "invalid domain: #{str.dump}"
  end
  @domain = str
end
```

Setting a breakpoint:

0> str
=> ".example.com"
0> DOMAIN_VALUE_RE
=> /\A(?
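
The behaviour reported above, reproduced as an added example that is not part of the original message and not the cgi library's code: the same length-and-pattern check run once with a pattern that rejects a leading dot and once with one that tolerates it. `LABEL`, `STRICT_DOMAIN`, `LENIENT_DOMAIN` and the three method names are hypothetical, the patterns are not the library's `DOMAIN_VALUE_RE`, and the sample values are constructed.

```ruby
# One DNS label: letters, digits and inner hyphens, at most 63 bytes.
LABEL = /[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/

# \A and \z anchor the whole string; ^ and $ would match per line in Ruby
# and let "example.com\n<anything>" through.
STRICT_DOMAIN  = /\A#{LABEL}(?:\.#{LABEL})*\z/     # no leading dot
LENIENT_DOMAIN = /\A\.?#{LABEL}(?:\.#{LABEL})*\z/  # one optional leading dot

# Same shape as the check quoted in the report: binary copy, 255-byte cap,
# pattern match, ArgumentError on failure. Returns the binary copy.
def check_cookie_domain(str, pattern)
  return nil if str.nil?
  bin = str.b
  if bin.bytesize > 255 || !pattern.match?(bin)
    raise ArgumentError, "invalid domain: #{bin.dump}"
  end
  bin
end

# RFC 6265 section 5.2.3: the user agent drops one leading "." and
# lowercases the value, so ".Example.COM" and "example.com" are equivalent.
def canonical_cookie_domain(str)
  check_cookie_domain(str, LENIENT_DOMAIN).delete_prefix(".").downcase
end

def accepted?(str, pattern)
  check_cookie_domain(str, pattern)
  true
rescue ArgumentError
  false
end

if __FILE__ == $0
  # Constructed sample values.
  [".example.com", "example.com", "..example.com", "example.com.",
   "example.com\r\nSet-Cookie: x=1"].each do |d|
    puts format("%-36s strict=%-5s lenient=%s", d.dump,
                accepted?(d, STRICT_DOMAIN), accepted?(d, LENIENT_DOMAIN))
  end
end
```

Tolerating the leading dot does not loosen the rest of the check: doubled dots, a trailing dot and values containing CR/LF are still rejected before they can reach a Set-Cookie header.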