mirror of
https://github.com/PeterMaquiran/tvone.git
synced 2026-04-22 20:15:51 +00:00
41 lines
1.1 KiB
TypeScript
41 lines
1.1 KiB
TypeScript
const PUBLIC_SUFFIX_BLOCKLIST = new Set([
|
|
"localhost",
|
|
"127.0.0.1",
|
|
]);
|
|
|
|
export function getCookieDomain(hostname: string): string | undefined {
|
|
if (!hostname) return undefined;
|
|
|
|
const cleanHost = hostname.toLowerCase().split(":")[0];
|
|
|
|
// 1. Local / dev environments → no domain
|
|
if (PUBLIC_SUFFIX_BLOCKLIST.has(cleanHost) || cleanHost.endsWith(".local")) {
|
|
return undefined;
|
|
}
|
|
|
|
const parts = cleanHost.split(".").filter(Boolean);
|
|
|
|
// 2. IP address → no domain cookies
|
|
const isIp = parts.every((p) => /^\d+$/.test(p));
|
|
if (isIp) return undefined;
|
|
|
|
// 3. Must have at least domain + tld
|
|
if (parts.length < 2) return undefined;
|
|
|
|
// 4. Handle common case: api.example.com → example.com
|
|
const rootDomain = parts.slice(-2).join(".");
|
|
|
|
// 5. Safety: avoid setting cookie on known public suffix-like domains
|
|
// const unsafeTlds = new Set([
|
|
// "vercel.app",
|
|
// "netlify.app",
|
|
// "github.io",
|
|
// "firebaseapp.com",
|
|
// ]);
|
|
|
|
// if (unsafeTlds.has(rootDomain)) {
|
|
// return undefined;
|
|
// }
|
|
|
|
return `.${rootDomain}`;
|
|
} |