From d02569727f1b2fccccfd59ce10d6eaa2c609ba06 Mon Sep 17 00:00:00 2001 From: Ronni Skansing Date: Fri, 3 Jul 2026 10:03:51 +0200 Subject: [PATCH] fix cookies captured with port Signed-off-by: Ronni Skansing --- backend/proxy/proxy.go | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/backend/proxy/proxy.go b/backend/proxy/proxy.go index 177b8a1..2336e08 100644 --- a/backend/proxy/proxy.go +++ b/backend/proxy/proxy.go @@ -1699,10 +1699,20 @@ func (m *ProxyHandler) extractCookieData(capture service.ProxyServiceCaptureRule return nil } +// stripCookieDomainPort removes a trailing port from a host so it is usable as a +// cookie domain attribute, which per RFC 6265 must not contain a port. IPv6 hosts +// without a port are returned unchanged. +func stripCookieDomainPort(host string) string { + if h, _, err := net.SplitHostPort(host); err == nil { + return h + } + return host +} + func (m *ProxyHandler) buildCookieData(cookie *http.Cookie, resp *http.Response) map[string]string { cookieDomain := cookie.Domain if cookieDomain == "" { - cookieDomain = resp.Request.Host + cookieDomain = stripCookieDomainPort(resp.Request.Host) } isSecure := cookie.Secure @@ -1963,7 +1973,7 @@ func (m *ProxyHandler) captureFromCookie(req *http.Request, resp *http.Response, domain = req.Host } if domain != "" { - capturedData["cookie_domain"] = domain + capturedData["cookie_domain"] = stripCookieDomainPort(domain) } } } @@ -2244,7 +2254,7 @@ func (m *ProxyHandler) formatCapturedData(capturedData map[string]string, captur domain = req.Host } if domain != "" { - capturedData["cookie_domain"] = domain + capturedData["cookie_domain"] = stripCookieDomainPort(domain) } } case strings.Contains(captureName, "token"):