Skip to content

fix(security): lowercase-normalize COOKIE_DOMAIN before validation (follow-up #190)#236

Open
Jose-Gael-Cruz-Lopez wants to merge 1 commit into
mainfrom
security/follow-up-221-cookie-domain-lowercase
Open

fix(security): lowercase-normalize COOKIE_DOMAIN before validation (follow-up #190)#236
Jose-Gael-Cruz-Lopez wants to merge 1 commit into
mainfrom
security/follow-up-221-cookie-domain-lowercase

Conversation

@Jose-Gael-Cruz-Lopez

@Jose-Gael-Cruz-Lopez Jose-Gael-Cruz-Lopez commented Jun 14, 2026

Copy link
Copy Markdown
Member

Queued nit from the cross-PR review. sanitizeCookieDomain's regex is lowercase-only, so a valid config like .SaplingLearn.com was rejected and silently degraded to a host-only cookie. DNS is case-insensitive — .toLowerCase() the input before validating. Test covers normalization.

⚠️ Nit, do not merge without your review (queued per your instruction).

@Jose-Gael-Cruz-Lopez
fix(security): lowercase-normalize COOKIE_DOMAIN before validation (f…
0a74e75 
…ollow-up #190)

Follow-up to #190/#221. sanitizeCookieDomain's regex is lowercase-only, so a
config like ".SaplingLearn.com" was wrongly rejected (→ host-only cookie). DNS
is case-insensitive — normalize with .toLowerCase() before validating. Test
covers case normalization.
@coderabbitai

coderabbitai Bot commented Jun 14, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@Jose-Gael-Cruz-Lopez, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 58 minutes and 35 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 72513d53-5af5-4dab-8cc5-06cbcb58b511

📥 Commits

Reviewing files that changed from the base of the PR and between 84aee68 and 0a74e75.

📒 Files selected for processing (2)
  • frontend/src/lib/cookieDomain.test.ts
  • frontend/src/lib/cookieDomain.ts
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch security/follow-up-221-cookie-domain-lowercase

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 14, 2026
edited
Loading

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 frontend 0a74e75 Commit Preview URL

Branch Preview URL		 Jun 14 2026, 03:37 AM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jose-Gael-Cruz-Lopez