diff --git a/cookies.go b/cookies.go
index 64dddc4498bdea9aee549a078096fcfa1f99cb11..d3d2b0820cd7f7d7cc20079c8c9aa3509bcda7e7 100644
--- a/cookies.go
+++ b/cookies.go
@@ -28,7 +28,7 @@ import (
 // dropCookie drops a cookie into the response
 func (r *oauthProxy) dropCookie(w http.ResponseWriter, host, name, value string, duration time.Duration) {
 // step: default to the host header, else the config domain
- domain := strings.Split(host, ":")[0]
+ domain := ""
 if r.config.CookieDomain != "" {
 domain = r.config.CookieDomain
 }
diff --git a/cookies_test.go b/cookies_test.go
index bbd9cd4a001dd2543f5a12a9ad39848ec3c3f08b..2563f1abeac40e8d90bb45fc6a5e68f158774823 100644
--- a/cookies_test.go
+++ b/cookies_test.go
@@ -39,7 +39,7 @@ func TestCookieDomainHostHeader(t *testing.T) {
 defer resp.Body.Close()
 assert.NotNil(t, cookie)
- assert.Equal(t, cookie.Domain, "127.0.0.1")
+ assert.Equal(t, cookie.Domain, "")
 }
 func TestCookieBasePath(t *testing.T) {
@@ -113,7 +113,7 @@ func TestDropCookie(t *testing.T) {
 p.dropCookie(resp, req.Host, "test-cookie", "test-value", 0)
 assert.Equal(t, resp.Header().Get("Set-Cookie"),
- "test-cookie=test-value; Path=/; Domain=127.0.0.1",
+ "test-cookie=test-value; Path=/",
 "we have not set the cookie, headers: %v", resp.Header())
 req = newFakeHTTPRequest("GET", "/admin")
@@ -122,7 +122,7 @@ func TestDropCookie(t *testing.T) {
 p.dropCookie(resp, req.Host, "test-cookie", "test-value", 0)
 assert.Equal(t, resp.Header().Get("Set-Cookie"),
- "test-cookie=test-value; Path=/; Domain=127.0.0.1",
+ "test-cookie=test-value; Path=/",
 "we have not set the cookie, headers: %v", resp.Header())
 req = newFakeHTTPRequest("GET", "/admin")
@@ -149,7 +149,7 @@ func TestDropRefreshCookie(t *testing.T) {
 p.dropRefreshTokenCookie(req, resp, "test", 0)
 assert.Equal(t, resp.Header().Get("Set-Cookie"),
- refreshCookie+"=test; Path=/; Domain=127.0.0.1",
+ refreshCookie+"=test; Path=/",
 "we have not set the cookie, headers: %v", resp.Header())
 }
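Review bot: The comment kept directly above the changed line, `// step: default to the host header, else the config domain`, no longer matches the code: with `domain := ""` the Host header is not consulted and the cookie is host-only unless `CookieDomain` is configured. I would reword it to `// step: emit a host-only cookie unless a cookie domain is configured`. Within the visible lines the `host` parameter is now unused; dropCookie's body continues outside the hunk, so if nothing further down reads it, either drop the parameter or say in the doc comment why it is kept. Since a Domain attribute also scopes a cookie to subdomains, deployments that relied on the derived value would now need to set the cookie domain explicitly, which deserves a line in the upgrade notes.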
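Review bot: `TestCookieDomainHostHeader` now asserts an empty Domain, so its name states the opposite of what it checks; something like `TestCookieDomainDefaultsToHostOnly` would match the new behaviour. The new assertion also passes the actual value first; assuming `assert` is testify, the expected value comes first, so `assert.Equal(t, "", cookie.Domain)` would produce a correct failure message. From the visible hunks I cannot tell whether any test still covers a configured `CookieDomain`; if none does, one should be added, because that branch is now the only way a Domain attribute is emitted. The test function starts outside the hunk.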
@@ -162,7 +162,7 @@ func TestSessionOnlyCookie(t *testing.T) {
 p.dropCookie(resp, req.Host, "test-cookie", "test-value", 1*time.Hour)
 assert.Equal(t, resp.Header().Get("Set-Cookie"),
- "test-cookie=test-value; Path=/; Domain=127.0.0.1",
+ "test-cookie=test-value; Path=/",
 "we have not set the cookie, headers: %v", resp.Header())
 }
@@ -174,7 +174,7 @@ func TestHTTPOnlyCookie(t *testing.T) {
 p.dropCookie(resp, req.Host, "test-cookie", "test-value", 0)
 assert.Equal(t, resp.Header().Get("Set-Cookie"),
- "test-cookie=test-value; Path=/; Domain=127.0.0.1",
+ "test-cookie=test-value; Path=/",
 "we have not set the cookie, headers: %v", resp.Header())
 req = newFakeHTTPRequest("GET", "/admin")
@@ -183,7 +183,7 @@ func TestHTTPOnlyCookie(t *testing.T) {
 p.dropCookie(resp, req.Host, "test-cookie", "test-value", 0)
 assert.Equal(t, resp.Header().Get("Set-Cookie"),
- "test-cookie=test-value; Path=/; Domain=127.0.0.1; HttpOnly",
+ "test-cookie=test-value; Path=/; HttpOnly",
 "we have not set the cookie, headers: %v", resp.Header())
 }
@@ -194,7 +194,7 @@ func TestClearAccessTokenCookie(t *testing.T) {
 resp := httptest.NewRecorder()
 p.clearAccessTokenCookie(req, resp)
 assert.Contains(t, resp.Header().Get("Set-Cookie"),
- accessCookie+"=; Path=/; Domain=127.0.0.1; Expires=",
+ accessCookie+"=; Path=/; Expires=",
 "we have not cleared the, headers: %v", resp.Header())
 }
@@ -204,7 +204,7 @@ func TestClearRefreshAccessTokenCookie(t *testing.T) {
 resp := httptest.NewRecorder()
 p.clearRefreshTokenCookie(req, resp)
 assert.Contains(t, resp.Header().Get("Set-Cookie"),
- refreshCookie+"=; Path=/; Domain=127.0.0.1; Expires=",
+ refreshCookie+"=; Path=/; Expires=",
 "we have not cleared the, headers: %v", resp.Header())
 }
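Review bot: The expiring `Set-Cookie` asserted in the TestClearAccessTokenCookie hunk no longer carries a Domain attribute, and nothing in the visible change handles cookies issued before it with `Domain=<host>`. Browsers store a Domain-scoped cookie and a host-only cookie of the same name as separate entries, so the new clearing header will likely leave a previously issued access or refresh cookie in place until it expires. If that matters for logout, the clear path could also expire the legacy Domain-scoped cookie for a transition period, or the upgrade notes should say that sessions created before the upgrade are not removed by logout. The same applies to the TestClearRefreshAccessTokenCookie and TestClearAllCookies hunks; the clear functions themselves are outside this diff.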
@@ -214,7 +214,7 @@ func TestClearAllCookies(t *testing.T) {
 resp := httptest.NewRecorder()
 p.clearAllCookies(req, resp)
 assert.Contains(t, resp.Header().Get("Set-Cookie"),
- accessCookie+"=; Path=/; Domain=127.0.0.1; Expires=",
+ accessCookie+"=; Path=/; Expires=",
 "we have not cleared the, headers: %v", resp.Header())
 }