Why is the leading full stop in domain omitted?

[Frederick888]

// parse.rs:160
let domain = match v.starts_with('.') {
    true => &v[1..],
    false => v,
};

What is the purpose of this? I believe that the leading full stop is not meaningless as cookies for .example.com are visible to sub.example.com whereas the ones for example.com are not.

[alexcrichton]

cc @SergioBenitez

[SergioBenitez]

According to RFC 6265 section 4.1.2.3, a leading dot is not permitted. The previous RFC on cookies, RFC 2109, however, mandated that a domain start with a dot if it was explicitly specified. As a result, older browsers, namely IE, accept and send along a leading dot. Newer browsers do not.

The leading dot is illegal. The parser allows the leading dot for compatibility but strips it for conformance with the current RFC. Note, however, that the leading dot is not stripped on outgoing cookies when explicitly set via Cookie.set_domain or CookieBuilder.domain, allowing for compatibility with older browsers.

[Frederick888]

@SergioBenitez Thanks for the clarification. Can't believe that it's an RFC written 6 years ago however I've never heard of it. I'd close this issue.