From 6a8b8f5a49af7897b98ebfb29a1c4955afa3d33e Mon Sep 17 00:00:00 2001
From: Blake Embrey <hello@blakeembrey.com>
Date: Thu, 3 Oct 2024 11:12:24 -0700
Subject: [PATCH] Allow leading dot for domain (#174)

---
 index.js          | 8 +++++++-
 test/serialize.js | 4 +++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/index.js b/index.js
index 47aca9e..51a58cb 100644
--- a/index.js
+++ b/index.js
@@ -64,9 +64,15 @@ var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u00
  * <letter>          = any one of the 52 alphabetic characters A through Z in
  *                     upper case and a through z in lower case
  * <digit>           = any one of the ten digits 0 through 9
+ *
+ * Keep support for leading dot: https://github.com/jshttp/cookie/issues/173
+ *
+ * > (Note that a leading %x2E ("."), if present, is ignored even though that
+ * character is not permitted, but a trailing %x2E ("."), if present, will
+ * cause the user agent to ignore the attribute.)
  */
 
-var domainValueRegExp = /^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
+var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
 
 /**
  * RegExp to match path-value in RFC 6265 sec 4.1.1
diff --git a/test/serialize.js b/test/serialize.js
index be84595..1ee3235 100644
--- a/test/serialize.js
+++ b/test/serialize.js
@@ -76,6 +76,9 @@ describe('cookie.serialize(name, value, options)', function () {
       var validDomains = [
         'example.com',
         'sub.example.com',
+        '.example.com',
+        'localhost',
+        '.localhost',
         'my-site.org',
         'localhost'
       ];
@@ -94,7 +97,6 @@ describe('cookie.serialize(name, value, options)', function () {
         'sub.example.com\u0000',
         'my site.org',
         'domain..com',
-        '.example.com',
         'example.com; Path=/',
         'example.com /* inject a comment */'
       ];