soup cookie warns about domain=NULL
Submitted by Egon Andersen
Assigned to libsoup-maint@gnome.bugs
Link to original bug (#790601)
Description
When setting domain=NULL; soup cookie issues a warning: soup_cookie_new: runtime check failed: (domain != NULL)
I believe this is an old leftover from previous rfcs.
I believe that setting domain=NULL is the right way to signal that the Domain Attribute should not be included.
From the RFC:
<cite>
If the server omits the Domain attribute, the user
agent will return the cookie only to the origin server.
</cite>
RFC 6265 https://tools.ietf.org/html/rfc6265 states:
4.1.2.3. The Domain Attribute
The Domain attribute specifies those hosts to which the cookie will be sent. For example, if the value of the Domain attribute is "example.com", the user agent will include the cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.corp.example.com. (Note that a leading %x2E ("."), if present, is ignored even though that character is not permitted, but a trailing %x2E ("."), if present, will cause the user agent to ignore the attribute.) If the server omits the Domain attribute, the user agent will return the cookie only to the origin server.
WARNING: Some existing user agents treat an absent Domain
attribute as if the Domain attribute were present and contained
the current host name. For example, if example.com returns a Set-
Cookie header without a Domain attribute, these user agents will
erroneously send the cookie to www.example.com as well.
Barth Standards Track [Page 11]
RFC 6265 HTTP State Management Mechanism April 2011
The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. For example, the user agent will accept a cookie with a Domain attribute of "example.com" or of "foo.example.com" from foo.example.com, but the user agent will not accept a cookie with a Domain attribute of "bar.example.com" or of "baz.foo.example.com".
NOTE: For security reasons, many user agents are configured to reject Domain attributes that correspond to "public suffixes". For example, some user agents will reject Domain attributes of "com" or "co.uk". (See Section 5.3 for more information.)