Ensure HTTPCookie domain matching conforms to RFC6265

Fix an issue when HTTPCookie domain starts with ".", cookies are
not being sent with HTTP requests. Also, force domain matching to
be in all lower case.

Author: maksimorlovich

Foundation/HTTPCookie.swift

@@ -246,7 +246,7 @@ open class HTTPCookie : NSObject {
         _path = path
         _name = name
         _value = value
-        _domain = canonicalDomain
+        _domain = canonicalDomain.lowercased()
 
         if let
             secureString = properties[.secure] as? String, !secureString.isEmpty

Foundation/HTTPCookieStorage.swift

@@ -267,8 +267,8 @@ open class HTTPCookieStorage: NSObject {
         into a set of header fields to add to a request.
     */
     open func cookies(for url: URL) -> [HTTPCookie]? {
-        guard let host = url.host else { return nil }
-        return Array(self.syncQ.sync(execute: {allCookies}).values.filter{ $0.domain == host })
+        guard let host = url.host?.lowercased() else { return nil }
+        return Array(self.syncQ.sync(execute: {allCookies}).values.filter{ $0.validFor(host: host) })
     }
 
     /*!
@@ -293,17 +293,17 @@ open class HTTPCookieStorage: NSObject {
         guard cookieAcceptPolicy != .never else { return }
 
         //if the urls don't have a host, we cannot do anything
-        guard let urlHost = url?.host else { return }
+        guard let urlHost = url?.host?.lowercased() else { return }
 
         if mainDocumentURL != nil && cookieAcceptPolicy == .onlyFromMainDocumentDomain {
-            guard let mainDocumentHost = mainDocumentURL?.host else { return }
+            guard let mainDocumentHost = mainDocumentURL?.host?.lowercased() else { return }
 
             //the url.host must be a suffix of manDocumentURL.host, this is based on Darwin's behaviour
             guard mainDocumentHost.hasSuffix(urlHost) else { return }
         }
 
         //save only those cookies whose domain matches with the url.host
-        let validCookies = cookies.filter { urlHost == $0.domain }
+        let validCookies = cookies.filter { $0.validFor(host: urlHost) }
         for cookie in validCookies {
             setCookie(cookie)
         }
@@ -334,6 +334,28 @@ public extension Notification.Name {
 }
 
 extension HTTPCookie {
+    internal func validFor(host: String) -> Bool {
+        // RFC6265 - HTTP State Management Mechanism
+        // https://tools.ietf.org/html/rfc6265#section-5.1.3
+        //
+        // 5.1.3.  Domain Matching
+        // A string domain-matches a given domain string if at least one of the
+        // following conditions hold:
+        //
+        // 1)  The domain string and the string are identical.  (Note that both
+        //     the domain string and the string will have been canonicalized to
+        //     lower case at this point.)
+        //
+        // 2) All of the following conditions hold:
+        //    * The domain string is a suffix of the string.
+        //    * The last character of the string that is not included in the
+        //      domain string is a %x2E (".") character.
+        //    * The string is a host name (i.e., not an IP address).
+
+        let dotlessDomain = domain.first == "." ? String(domain.suffix(domain.count - 1)) : domain
+        return dotlessDomain == host || (domain.first == "." && host.hasSuffix(domain))
+    }
+
     internal func persistableDictionary() -> [String: Any] {
         var properties: [String: Any] = [:]
         properties[HTTPCookiePropertyKey.name.rawValue] = name

TestFoundation/TestHTTPCookieStorage.swift

@@ -26,6 +26,7 @@ class TestHTTPCookieStorage: XCTestCase {
             ("test_cookiesForURLWithMainDocumentURL", test_cookiesForURLWithMainDocumentURL),
             ("test_cookieInXDGSpecPath", test_cookieInXDGSpecPath),
             ("test_descriptionCookie", test_descriptionCookie),
+            ("test_cookieDomainMatching", test_cookieDomainMatching),
         ]
     }
 
@@ -89,6 +90,11 @@ class TestHTTPCookieStorage: XCTestCase {
         descriptionCookie(with: .groupContainer("test"))
     }
 
+    func test_cookieDomainMatching() {
+        cookieDomainMatching(with: .shared)
+        cookieDomainMatching(with: .groupContainer("test"))
+    }
+
     func getStorage(for type: _StorageType) -> HTTPCookieStorage {
         switch type {
         case .shared:
@@ -272,6 +278,49 @@ class TestHTTPCookieStorage: XCTestCase {
         XCTAssertEqual(storage.description, "<NSHTTPCookieStorage cookies count:\(cookies1.count)>")
     }
 
+    func cookieDomainMatching(with storageType: _StorageType) {
+        let storage = getStorage(for: storageType)
+
+        let simpleCookie1 = HTTPCookie(properties: [   // swift.org domain only
+           .name: "TestCookie1",
+           .value: "TestValue1",
+           .path: "/",
+           .domain: "swift.org",
+        ])!
+
+        storage.setCookie(simpleCookie1)
+
+        let simpleCookie2 = HTTPCookie(properties: [   // *.swift.org
+           .name: "TestCookie2",
+           .value: "TestValue2",
+           .path: "/",
+           .domain: ".SWIFT.org",
+        ])!
+
+        storage.setCookie(simpleCookie2)
+
+        let simpleCookie3 = HTTPCookie(properties: [   // bugs.swift.org
+           .name: "TestCookie3",
+           .value: "TestValue3",
+           .path: "/",
+           .domain: "bugs.swift.org",
+        ])!
+
+        storage.setCookie(simpleCookie3)
+        XCTAssertEqual(storage.cookies!.count, 3)
+
+        let swiftOrgUrl = URL(string: "https://swift.ORG")!
+        let ciSwiftOrgUrl = URL(string: "https://CI.swift.ORG")!
+        let bugsSwiftOrgUrl = URL(string: "https://BUGS.swift.org")!
+        let exampleComUrl = URL(string: "http://www.example.com")!
+        let superSwiftOrgUrl = URL(string: "https://superswift.org")!
+        XCTAssertEqual(storage.cookies(for: swiftOrgUrl)!.count, 2)
+        XCTAssertEqual(storage.cookies(for: ciSwiftOrgUrl)!.count, 1)
+        XCTAssertEqual(storage.cookies(for: bugsSwiftOrgUrl)!.count, 2)
+        XCTAssertEqual(storage.cookies(for: exampleComUrl)!.count, 0)
+        XCTAssertEqual(storage.cookies(for: superSwiftOrgUrl)!.count, 0)
+    }
+
     func test_cookieInXDGSpecPath() {
 #if !os(Android) && !DARWIN_COMPATIBILITY_TESTS // No XDG on native Foundation
         //Test without setting the environment variable