According to rfc-6265, The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server.
but in iOS, I can save cookies even the Domain attribute is different to server.
Below is my code
for cookie in HTTPCookieStorage.shared.cookies ?? [] {
HTTPCookieStorage.shared.deleteCookie(cookie)
}
let urlString = "http://aa.bbb.net/bb/cc"
let cookie = HTTPCookie.cookies(withResponseHeaderFields: ["Set-Cookie": "key1=value1;Domain=baidu.com"], for: URL(string: urlString)!)
HTTPCookieStorage.shared.setCookie(cookie.first!)
for cookie in HTTPCookieStorage.shared.cookies ?? [] {
print(cookie)
}
let getCookie = HTTPCookieStorage.shared.cookies(for: URL(string: "http://www.baidu.com/bb/cc")!)
print(getCookie)
In the above code, I can successfully get my cookie “key1=value1”,this should be wrong?What confuses me is how do I fix this?