From 090ee789dda468fe0d9b715ec4e5dc47a948a239 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?= <tim.ruehsen@gmx.de>
Date: Wed, 2 Mar 2016 11:07:16 +0100
Subject: [PATCH] cookie: do not refuse cookies for localhost

Closes #658
---
 lib/cookie.c        | 10 ++++++----
 tests/data/test1136 |  1 +
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/cookie.c b/lib/cookie.c
index d62f446..e5c7b7e 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -788,10 +788,12 @@ Curl_cookie_add(struct SessionHandle *data,
 #ifdef USE_LIBPSL
   /* Check if the domain is a Public Suffix and if yes, ignore the cookie.
      This needs a libpsl compiled with builtin data. */
-  if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
-    if(psl_is_public_suffix(psl, co->domain)) {
-      infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
-            co->name, co->domain);
+  if(domain && co->domain && !isip(co->domain)) {
+    if (((psl = psl_builtin()) != NULL)
+        && !psl_is_cookie_domain_acceptable(psl, domain, co->domain)) {
+      infof(data,
+            "cookie '%s' dropped, domain '%s' must not set cookies for '%s'\n",
+            co->name, domain, co->domain);
       freecookie(co);
       return NULL;
     }
diff --git a/tests/data/test1136 b/tests/data/test1136
index e42ca06..d3327e8 100644
--- a/tests/data/test1136
+++ b/tests/data/test1136
@@ -58,6 +58,7 @@ http://www.example.ck/1136 http://www.ck/1136 http://z-1.compute-1.amazonaws.com
 
 .www.example.ck	TRUE	/	FALSE	0	test2	allowed2
 .www.ck	TRUE	/	FALSE	0	test4	allowed4
+.z-1.compute-1.amazonaws.com	TRUE	/	FALSE	0	test5	forbidden5
 </file>
 </verify>
 </testcase>
-- 
2.5.0