#28741 closed Cleanup/optimization (fixed)
Remove unnecessary leading dot from cross-domain cookie examples
| Reported by: | Niels van Huijstee | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 1.11 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When I set CSRF_COOKIE_DOMAIN / SESSION_COOKIE_DOMAIN to a domain, like "example.com", (no leading dot), the cookies are set to ".example.com" (with leading dot). To me, this is not clear from the docs, so this is either an undocumented feature or unintended behavior.
Change History (6)
comment:1 by , 6 years ago
| Has patch: | set |
|---|---|
| Summary: | CSRF_COOKIE_DOMAIN / SESSION_COOKIE_DOMAIN are always cross domain → Remove unnecessary leading dot from cross-domain cookie examples |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Bug → Cleanup/optimization |
comment:4 by , 3 years ago
Note:
See TracTickets
for help on using tickets.
From Mozilla's documentation for the
Set-Cookieheader: "Contrary to earlier specifications, leading dots in domain names are ignored. If a domain is specified, subdomains are always included."PR