twitst4tz

cookie.js (40917B)

---

 /*!
  * Copyright (c) 2015, Salesforce.com, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  * 1. Redistributions of source code must retain the above copyright notice,
  * this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright notice,
  * this list of conditions and the following disclaimer in the documentation
  * and/or other materials provided with the distribution.
  *
  * 3. Neither the name of Salesforce.com nor the names of its contributors may
  * be used to endorse or promote products derived from this software without
  * specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 'use strict';
 var net = require('net');
 var urlParse = require('url').parse;
 var util = require('util');
 var pubsuffix = require('./pubsuffix-psl');
 var Store = require('./store').Store;
 var MemoryCookieStore = require('./memstore').MemoryCookieStore;
 var pathMatch = require('./pathMatch').pathMatch;
 var VERSION = require('./version');
 
 var punycode;
 try {
   punycode = require('punycode');
 } catch(e) {
   console.warn("tough-cookie: can't load punycode; won't use punycode for domain normalization");
 }
 
 // From RFC6265 S4.1.1
 // note that it excludes \x3B ";"
 var COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;
 
 var CONTROL_CHARS = /[\x00-\x1F]/;
 
 // From Chromium // '\r', '\n' and '\0' should be treated as a terminator in
 // the "relaxed" mode, see:
 // https://github.com/ChromiumWebApps/chromium/blob/b3d3b4da8bb94c1b2e061600df106d590fda3620/net/cookies/parsed_cookie.cc#L60
 var TERMINATORS = ['\n', '\r', '\0'];
 
 // RFC6265 S4.1.1 defines path value as 'any CHAR except CTLs or ";"'
 // Note ';' is \x3B
 var PATH_VALUE = /[\x20-\x3A\x3C-\x7E]+/;
 
 // date-time parsing constants (RFC6265 S5.1.1)
 
 var DATE_DELIM = /[\x09\x20-\x2F\x3B-\x40\x5B-\x60\x7B-\x7E]/;
 
 var MONTH_TO_NUM = {
   jan:0, feb:1, mar:2, apr:3, may:4, jun:5,
   jul:6, aug:7, sep:8, oct:9, nov:10, dec:11
 };
 var NUM_TO_MONTH = [
   'Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec'
 ];
 var NUM_TO_DAY = [
   'Sun','Mon','Tue','Wed','Thu','Fri','Sat'
 ];
 
 var MAX_TIME = 2147483647000; // 31-bit max
 var MIN_TIME = 0; // 31-bit min
 
 /*
  * Parses a Natural number (i.e., non-negative integer) with either the
  *    <min>*<max>DIGIT ( non-digit *OCTET )
  * or
  *    <min>*<max>DIGIT
  * grammar (RFC6265 S5.1.1).
  *
  * The "trailingOK" boolean controls if the grammar accepts a
  * "( non-digit *OCTET )" trailer.
  */
 function parseDigits(token, minDigits, maxDigits, trailingOK) {
   var count = 0;
   while (count < token.length) {
     var c = token.charCodeAt(count);
     // "non-digit = %x00-2F / %x3A-FF"
     if (c <= 0x2F || c >= 0x3A) {
       break;
     }
     count++;
   }
 
   // constrain to a minimum and maximum number of digits.
   if (count < minDigits || count > maxDigits) {
     return null;
   }
 
   if (!trailingOK && count != token.length) {
     return null;
   }
 
   return parseInt(token.substr(0,count), 10);
 }
 
 function parseTime(token) {
   var parts = token.split(':');
   var result = [0,0,0];
 
   /* RF6256 S5.1.1:
    *      time            = hms-time ( non-digit *OCTET )
    *      hms-time        = time-field ":" time-field ":" time-field
    *      time-field      = 1*2DIGIT
    */
 
   if (parts.length !== 3) {
     return null;
   }
 
   for (var i = 0; i < 3; i++) {
     // "time-field" must be strictly "1*2DIGIT", HOWEVER, "hms-time" can be
     // followed by "( non-digit *OCTET )" so therefore the last time-field can
     // have a trailer
     var trailingOK = (i == 2);
     var num = parseDigits(parts[i], 1, 2, trailingOK);
     if (num === null) {
       return null;
     }
     result[i] = num;
   }
 
   return result;
 }
 
 function parseMonth(token) {
   token = String(token).substr(0,3).toLowerCase();
   var num = MONTH_TO_NUM[token];
   return num >= 0 ? num : null;
 }
 
 /*
  * RFC6265 S5.1.1 date parser (see RFC for full grammar)
  */
 function parseDate(str) {
   if (!str) {
     return;
   }
 
   /* RFC6265 S5.1.1:
    * 2. Process each date-token sequentially in the order the date-tokens
    * appear in the cookie-date
    */
   var tokens = str.split(DATE_DELIM);
   if (!tokens) {
     return;
   }
 
   var hour = null;
   var minute = null;
   var second = null;
   var dayOfMonth = null;
   var month = null;
   var year = null;
 
   for (var i=0; i<tokens.length; i++) {
     var token = tokens[i].trim();
     if (!token.length) {
       continue;
     }
 
     var result;
 
     /* 2.1. If the found-time flag is not set and the token matches the time
      * production, set the found-time flag and set the hour- value,
      * minute-value, and second-value to the numbers denoted by the digits in
      * the date-token, respectively.  Skip the remaining sub-steps and continue
      * to the next date-token.
      */
     if (second === null) {
       result = parseTime(token);
       if (result) {
         hour = result[0];
         minute = result[1];
         second = result[2];
         continue;
       }
     }
 
     /* 2.2. If the found-day-of-month flag is not set and the date-token matches
      * the day-of-month production, set the found-day-of- month flag and set
      * the day-of-month-value to the number denoted by the date-token.  Skip
      * the remaining sub-steps and continue to the next date-token.
      */
     if (dayOfMonth === null) {
       // "day-of-month = 1*2DIGIT ( non-digit *OCTET )"
       result = parseDigits(token, 1, 2, true);
       if (result !== null) {
         dayOfMonth = result;
         continue;
       }
     }
 
     /* 2.3. If the found-month flag is not set and the date-token matches the
      * month production, set the found-month flag and set the month-value to
      * the month denoted by the date-token.  Skip the remaining sub-steps and
      * continue to the next date-token.
      */
     if (month === null) {
       result = parseMonth(token);
       if (result !== null) {
         month = result;
         continue;
       }
     }
 
     /* 2.4. If the found-year flag is not set and the date-token matches the
      * year production, set the found-year flag and set the year-value to the
      * number denoted by the date-token.  Skip the remaining sub-steps and
      * continue to the next date-token.
      */
     if (year === null) {
       // "year = 2*4DIGIT ( non-digit *OCTET )"
       result = parseDigits(token, 2, 4, true);
       if (result !== null) {
         year = result;
         /* From S5.1.1:
          * 3.  If the year-value is greater than or equal to 70 and less
          * than or equal to 99, increment the year-value by 1900.
          * 4.  If the year-value is greater than or equal to 0 and less
          * than or equal to 69, increment the year-value by 2000.
          */
         if (year >= 70 && year <= 99) {
           year += 1900;
         } else if (year >= 0 && year <= 69) {
           year += 2000;
         }
       }
     }
   }
 
   /* RFC 6265 S5.1.1
    * "5. Abort these steps and fail to parse the cookie-date if:
    *     *  at least one of the found-day-of-month, found-month, found-
    *        year, or found-time flags is not set,
    *     *  the day-of-month-value is less than 1 or greater than 31,
    *     *  the year-value is less than 1601,
    *     *  the hour-value is greater than 23,
    *     *  the minute-value is greater than 59, or
    *     *  the second-value is greater than 59.
    *     (Note that leap seconds cannot be represented in this syntax.)"
    *
    * So, in order as above:
    */
   if (
     dayOfMonth === null || month === null || year === null || second === null ||
     dayOfMonth < 1 || dayOfMonth > 31 ||
     year < 1601 ||
     hour > 23 ||
     minute > 59 ||
     second > 59
   ) {
     return;
   }
 
   return new Date(Date.UTC(year, month, dayOfMonth, hour, minute, second));
 }
 
 function formatDate(date) {
   var d = date.getUTCDate(); d = d >= 10 ? d : '0'+d;
   var h = date.getUTCHours(); h = h >= 10 ? h : '0'+h;
   var m = date.getUTCMinutes(); m = m >= 10 ? m : '0'+m;
   var s = date.getUTCSeconds(); s = s >= 10 ? s : '0'+s;
   return NUM_TO_DAY[date.getUTCDay()] + ', ' +
     d+' '+ NUM_TO_MONTH[date.getUTCMonth()] +' '+ date.getUTCFullYear() +' '+
     h+':'+m+':'+s+' GMT';
 }
 
 // S5.1.2 Canonicalized Host Names
 function canonicalDomain(str) {
   if (str == null) {
     return null;
   }
   str = str.trim().replace(/^\./,''); // S4.1.2.3 & S5.2.3: ignore leading .
 
   // convert to IDN if any non-ASCII characters
   if (punycode && /[^\u0001-\u007f]/.test(str)) {
     str = punycode.toASCII(str);
   }
 
   return str.toLowerCase();
 }
 
 // S5.1.3 Domain Matching
 function domainMatch(str, domStr, canonicalize) {
   if (str == null || domStr == null) {
     return null;
   }
   if (canonicalize !== false) {
     str = canonicalDomain(str);
     domStr = canonicalDomain(domStr);
   }
 
   /*
    * "The domain string and the string are identical. (Note that both the
    * domain string and the string will have been canonicalized to lower case at
    * this point)"
    */
   if (str == domStr) {
     return true;
   }
 
   /* "All of the following [three] conditions hold:" (order adjusted from the RFC) */
 
   /* "* The string is a host name (i.e., not an IP address)." */
   if (net.isIP(str)) {
     return false;
   }
 
   /* "* The domain string is a suffix of the string" */
   var idx = str.indexOf(domStr);
   if (idx <= 0) {
     return false; // it's a non-match (-1) or prefix (0)
   }
 
   // e.g "a.b.c".indexOf("b.c") === 2
   // 5 === 3+2
   if (str.length !== domStr.length + idx) { // it's not a suffix
     return false;
   }
 
   /* "* The last character of the string that is not included in the domain
   * string is a %x2E (".") character." */
   if (str.substr(idx-1,1) !== '.') {
     return false;
   }
 
   return true;
 }
 
 
 // RFC6265 S5.1.4 Paths and Path-Match
 
 /*
  * "The user agent MUST use an algorithm equivalent to the following algorithm
  * to compute the default-path of a cookie:"
  *
  * Assumption: the path (and not query part or absolute uri) is passed in.
  */
 function defaultPath(path) {
   // "2. If the uri-path is empty or if the first character of the uri-path is not
   // a %x2F ("/") character, output %x2F ("/") and skip the remaining steps.
   if (!path || path.substr(0,1) !== "/") {
     return "/";
   }
 
   // "3. If the uri-path contains no more than one %x2F ("/") character, output
   // %x2F ("/") and skip the remaining step."
   if (path === "/") {
     return path;
   }
 
   var rightSlash = path.lastIndexOf("/");
   if (rightSlash === 0) {
     return "/";
   }
 
   // "4. Output the characters of the uri-path from the first character up to,
   // but not including, the right-most %x2F ("/")."
   return path.slice(0, rightSlash);
 }
 
 function trimTerminator(str) {
   for (var t = 0; t < TERMINATORS.length; t++) {
     var terminatorIdx = str.indexOf(TERMINATORS[t]);
     if (terminatorIdx !== -1) {
       str = str.substr(0,terminatorIdx);
     }
   }
 
   return str;
 }
 
 function parseCookiePair(cookiePair, looseMode) {
   cookiePair = trimTerminator(cookiePair);
 
   var firstEq = cookiePair.indexOf('=');
   if (looseMode) {
     if (firstEq === 0) { // '=' is immediately at start
       cookiePair = cookiePair.substr(1);
       firstEq = cookiePair.indexOf('='); // might still need to split on '='
     }
   } else { // non-loose mode
     if (firstEq <= 0) { // no '=' or is at start
       return; // needs to have non-empty "cookie-name"
     }
   }
 
   var cookieName, cookieValue;
   if (firstEq <= 0) {
     cookieName = "";
     cookieValue = cookiePair.trim();
   } else {
     cookieName = cookiePair.substr(0, firstEq).trim();
     cookieValue = cookiePair.substr(firstEq+1).trim();
   }
 
   if (CONTROL_CHARS.test(cookieName) || CONTROL_CHARS.test(cookieValue)) {
     return;
   }
 
   var c = new Cookie();
   c.key = cookieName;
   c.value = cookieValue;
   return c;
 }
 
 function parse(str, options) {
   if (!options || typeof options !== 'object') {
     options = {};
   }
   str = str.trim();
 
   // We use a regex to parse the "name-value-pair" part of S5.2
   var firstSemi = str.indexOf(';'); // S5.2 step 1
   var cookiePair = (firstSemi === -1) ? str : str.substr(0, firstSemi);
   var c = parseCookiePair(cookiePair, !!options.loose);
   if (!c) {
     return;
   }
 
   if (firstSemi === -1) {
     return c;
   }
 
   // S5.2.3 "unparsed-attributes consist of the remainder of the set-cookie-string
   // (including the %x3B (";") in question)." plus later on in the same section
   // "discard the first ";" and trim".
   var unparsed = str.slice(firstSemi + 1).trim();
 
   // "If the unparsed-attributes string is empty, skip the rest of these
   // steps."
   if (unparsed.length === 0) {
     return c;
   }
 
   /*
    * S5.2 says that when looping over the items "[p]rocess the attribute-name
    * and attribute-value according to the requirements in the following
    * subsections" for every item.  Plus, for many of the individual attributes
    * in S5.3 it says to use the "attribute-value of the last attribute in the
    * cookie-attribute-list".  Therefore, in this implementation, we overwrite
    * the previous value.
    */
   var cookie_avs = unparsed.split(';');
   while (cookie_avs.length) {
     var av = cookie_avs.shift().trim();
     if (av.length === 0) { // happens if ";;" appears
       continue;
     }
     var av_sep = av.indexOf('=');
     var av_key, av_value;
 
     if (av_sep === -1) {
       av_key = av;
       av_value = null;
     } else {
       av_key = av.substr(0,av_sep);
       av_value = av.substr(av_sep+1);
     }
 
     av_key = av_key.trim().toLowerCase();
 
     if (av_value) {
       av_value = av_value.trim();
     }
 
     switch(av_key) {
     case 'expires': // S5.2.1
       if (av_value) {
         var exp = parseDate(av_value);
         // "If the attribute-value failed to parse as a cookie date, ignore the
         // cookie-av."
         if (exp) {
           // over and underflow not realistically a concern: V8's getTime() seems to
           // store something larger than a 32-bit time_t (even with 32-bit node)
           c.expires = exp;
         }
       }
       break;
 
     case 'max-age': // S5.2.2
       if (av_value) {
         // "If the first character of the attribute-value is not a DIGIT or a "-"
         // character ...[or]... If the remainder of attribute-value contains a
         // non-DIGIT character, ignore the cookie-av."
         if (/^-?[0-9]+$/.test(av_value)) {
           var delta = parseInt(av_value, 10);
           // "If delta-seconds is less than or equal to zero (0), let expiry-time
           // be the earliest representable date and time."
           c.setMaxAge(delta);
         }
       }
       break;
 
     case 'domain': // S5.2.3
       // "If the attribute-value is empty, the behavior is undefined.  However,
       // the user agent SHOULD ignore the cookie-av entirely."
       if (av_value) {
         // S5.2.3 "Let cookie-domain be the attribute-value without the leading %x2E
         // (".") character."
         var domain = av_value.trim().replace(/^\./, '');
         if (domain) {
           // "Convert the cookie-domain to lower case."
           c.domain = domain.toLowerCase();
         }
       }
       break;
 
     case 'path': // S5.2.4
       /*
        * "If the attribute-value is empty or if the first character of the
        * attribute-value is not %x2F ("/"):
        *   Let cookie-path be the default-path.
        * Otherwise:
        *   Let cookie-path be the attribute-value."
        *
        * We'll represent the default-path as null since it depends on the
        * context of the parsing.
        */
       c.path = av_value && av_value[0] === "/" ? av_value : null;
       break;
 
     case 'secure': // S5.2.5
       /*
        * "If the attribute-name case-insensitively matches the string "Secure",
        * the user agent MUST append an attribute to the cookie-attribute-list
        * with an attribute-name of Secure and an empty attribute-value."
        */
       c.secure = true;
       break;
 
     case 'httponly': // S5.2.6 -- effectively the same as 'secure'
       c.httpOnly = true;
       break;
 
     default:
       c.extensions = c.extensions || [];
       c.extensions.push(av);
       break;
     }
   }
 
   return c;
 }
 
 // avoid the V8 deoptimization monster!
 function jsonParse(str) {
   var obj;
   try {
     obj = JSON.parse(str);
   } catch (e) {
     return e;
   }
   return obj;
 }
 
 function fromJSON(str) {
   if (!str) {
     return null;
   }
 
   var obj;
   if (typeof str === 'string') {
     obj = jsonParse(str);
     if (obj instanceof Error) {
       return null;
     }
   } else {
     // assume it's an Object
     obj = str;
   }
 
   var c = new Cookie();
   for (var i=0; i<Cookie.serializableProperties.length; i++) {
     var prop = Cookie.serializableProperties[i];
     if (obj[prop] === undefined ||
         obj[prop] === Cookie.prototype[prop])
     {
       continue; // leave as prototype default
     }
 
     if (prop === 'expires' ||
         prop === 'creation' ||
         prop === 'lastAccessed')
     {
       if (obj[prop] === null) {
         c[prop] = null;
       } else {
         c[prop] = obj[prop] == "Infinity" ?
           "Infinity" : new Date(obj[prop]);
       }
     } else {
       c[prop] = obj[prop];
     }
   }
 
   return c;
 }
 
 /* Section 5.4 part 2:
  * "*  Cookies with longer paths are listed before cookies with
  *     shorter paths.
  *
  *  *  Among cookies that have equal-length path fields, cookies with
  *     earlier creation-times are listed before cookies with later
  *     creation-times."
  */
 
 function cookieCompare(a,b) {
   var cmp = 0;
 
   // descending for length: b CMP a
   var aPathLen = a.path ? a.path.length : 0;
   var bPathLen = b.path ? b.path.length : 0;
   cmp = bPathLen - aPathLen;
   if (cmp !== 0) {
     return cmp;
   }
 
   // ascending for time: a CMP b
   var aTime = a.creation ? a.creation.getTime() : MAX_TIME;
   var bTime = b.creation ? b.creation.getTime() : MAX_TIME;
   cmp = aTime - bTime;
   if (cmp !== 0) {
     return cmp;
   }
 
   // break ties for the same millisecond (precision of JavaScript's clock)
   cmp = a.creationIndex - b.creationIndex;
 
   return cmp;
 }
 
 // Gives the permutation of all possible pathMatch()es of a given path. The
 // array is in longest-to-shortest order.  Handy for indexing.
 function permutePath(path) {
   if (path === '/') {
     return ['/'];
   }
   if (path.lastIndexOf('/') === path.length-1) {
     path = path.substr(0,path.length-1);
   }
   var permutations = [path];
   while (path.length > 1) {
     var lindex = path.lastIndexOf('/');
     if (lindex === 0) {
       break;
     }
     path = path.substr(0,lindex);
     permutations.push(path);
   }
   permutations.push('/');
   return permutations;
 }
 
 function getCookieContext(url) {
   if (url instanceof Object) {
     return url;
   }
   // NOTE: decodeURI will throw on malformed URIs (see GH-32).
   // Therefore, we will just skip decoding for such URIs.
   try {
     url = decodeURI(url);
   }
   catch(err) {
     // Silently swallow error
   }
 
   return urlParse(url);
 }
 
 function Cookie(options) {
   options = options || {};
 
   Object.keys(options).forEach(function(prop) {
     if (Cookie.prototype.hasOwnProperty(prop) &&
         Cookie.prototype[prop] !== options[prop] &&
         prop.substr(0,1) !== '_')
     {
       this[prop] = options[prop];
     }
   }, this);
 
   this.creation = this.creation || new Date();
 
   // used to break creation ties in cookieCompare():
   Object.defineProperty(this, 'creationIndex', {
     configurable: false,
     enumerable: false, // important for assert.deepEqual checks
     writable: true,
     value: ++Cookie.cookiesCreated
   });
 }
 
 Cookie.cookiesCreated = 0; // incremented each time a cookie is created
 
 Cookie.parse = parse;
 Cookie.fromJSON = fromJSON;
 
 Cookie.prototype.key = "";
 Cookie.prototype.value = "";
 
 // the order in which the RFC has them:
 Cookie.prototype.expires = "Infinity"; // coerces to literal Infinity
 Cookie.prototype.maxAge = null; // takes precedence over expires for TTL
 Cookie.prototype.domain = null;
 Cookie.prototype.path = null;
 Cookie.prototype.secure = false;
 Cookie.prototype.httpOnly = false;
 Cookie.prototype.extensions = null;
 
 // set by the CookieJar:
 Cookie.prototype.hostOnly = null; // boolean when set
 Cookie.prototype.pathIsDefault = null; // boolean when set
 Cookie.prototype.creation = null; // Date when set; defaulted by Cookie.parse
 Cookie.prototype.lastAccessed = null; // Date when set
 Object.defineProperty(Cookie.prototype, 'creationIndex', {
   configurable: true,
   enumerable: false,
   writable: true,
   value: 0
 });
 
 Cookie.serializableProperties = Object.keys(Cookie.prototype)
   .filter(function(prop) {
     return !(
       Cookie.prototype[prop] instanceof Function ||
       prop === 'creationIndex' ||
       prop.substr(0,1) === '_'
     );
   });
 
 Cookie.prototype.inspect = function inspect() {
   var now = Date.now();
   return 'Cookie="'+this.toString() +
     '; hostOnly='+(this.hostOnly != null ? this.hostOnly : '?') +
     '; aAge='+(this.lastAccessed ? (now-this.lastAccessed.getTime())+'ms' : '?') +
     '; cAge='+(this.creation ? (now-this.creation.getTime())+'ms' : '?') +
     '"';
 };
 
 // Use the new custom inspection symbol to add the custom inspect function if
 // available.
 if (util.inspect.custom) {
   Cookie.prototype[util.inspect.custom] = Cookie.prototype.inspect;
 }
 
 Cookie.prototype.toJSON = function() {
   var obj = {};
 
   var props = Cookie.serializableProperties;
   for (var i=0; i<props.length; i++) {
     var prop = props[i];
     if (this[prop] === Cookie.prototype[prop]) {
       continue; // leave as prototype default
     }
 
     if (prop === 'expires' ||
         prop === 'creation' ||
         prop === 'lastAccessed')
     {
       if (this[prop] === null) {
         obj[prop] = null;
       } else {
         obj[prop] = this[prop] == "Infinity" ? // intentionally not ===
           "Infinity" : this[prop].toISOString();
       }
     } else if (prop === 'maxAge') {
       if (this[prop] !== null) {
         // again, intentionally not ===
         obj[prop] = (this[prop] == Infinity || this[prop] == -Infinity) ?
           this[prop].toString() : this[prop];
       }
     } else {
       if (this[prop] !== Cookie.prototype[prop]) {
         obj[prop] = this[prop];
       }
     }
   }
 
   return obj;
 };
 
 Cookie.prototype.clone = function() {
   return fromJSON(this.toJSON());
 };
 
 Cookie.prototype.validate = function validate() {
   if (!COOKIE_OCTETS.test(this.value)) {
     return false;
   }
   if (this.expires != Infinity && !(this.expires instanceof Date) && !parseDate(this.expires)) {
     return false;
   }
   if (this.maxAge != null && this.maxAge <= 0) {
     return false; // "Max-Age=" non-zero-digit *DIGIT
   }
   if (this.path != null && !PATH_VALUE.test(this.path)) {
     return false;
   }
 
   var cdomain = this.cdomain();
   if (cdomain) {
     if (cdomain.match(/\.$/)) {
       return false; // S4.1.2.3 suggests that this is bad. domainMatch() tests confirm this
     }
     var suffix = pubsuffix.getPublicSuffix(cdomain);
     if (suffix == null) { // it's a public suffix
       return false;
     }
   }
   return true;
 };
 
 Cookie.prototype.setExpires = function setExpires(exp) {
   if (exp instanceof Date) {
     this.expires = exp;
   } else {
     this.expires = parseDate(exp) || "Infinity";
   }
 };
 
 Cookie.prototype.setMaxAge = function setMaxAge(age) {
   if (age === Infinity || age === -Infinity) {
     this.maxAge = age.toString(); // so JSON.stringify() works
   } else {
     this.maxAge = age;
   }
 };
 
 // gives Cookie header format
 Cookie.prototype.cookieString = function cookieString() {
   var val = this.value;
   if (val == null) {
     val = '';
   }
   if (this.key === '') {
     return val;
   }
   return this.key+'='+val;
 };
 
 // gives Set-Cookie header format
 Cookie.prototype.toString = function toString() {
   var str = this.cookieString();
 
   if (this.expires != Infinity) {
     if (this.expires instanceof Date) {
       str += '; Expires='+formatDate(this.expires);
     } else {
       str += '; Expires='+this.expires;
     }
   }
 
   if (this.maxAge != null && this.maxAge != Infinity) {
     str += '; Max-Age='+this.maxAge;
   }
 
   if (this.domain && !this.hostOnly) {
     str += '; Domain='+this.domain;
   }
   if (this.path) {
     str += '; Path='+this.path;
   }
 
   if (this.secure) {
     str += '; Secure';
   }
   if (this.httpOnly) {
     str += '; HttpOnly';
   }
   if (this.extensions) {
     this.extensions.forEach(function(ext) {
       str += '; '+ext;
     });
   }
 
   return str;
 };
 
 // TTL() partially replaces the "expiry-time" parts of S5.3 step 3 (setCookie()
 // elsewhere)
 // S5.3 says to give the "latest representable date" for which we use Infinity
 // For "expired" we use 0
 Cookie.prototype.TTL = function TTL(now) {
   /* RFC6265 S4.1.2.2 If a cookie has both the Max-Age and the Expires
    * attribute, the Max-Age attribute has precedence and controls the
    * expiration date of the cookie.
    * (Concurs with S5.3 step 3)
    */
   if (this.maxAge != null) {
     return this.maxAge<=0 ? 0 : this.maxAge*1000;
   }
 
   var expires = this.expires;
   if (expires != Infinity) {
     if (!(expires instanceof Date)) {
       expires = parseDate(expires) || Infinity;
     }
 
     if (expires == Infinity) {
       return Infinity;
     }
 
     return expires.getTime() - (now || Date.now());
   }
 
   return Infinity;
 };
 
 // expiryTime() replaces the "expiry-time" parts of S5.3 step 3 (setCookie()
 // elsewhere)
 Cookie.prototype.expiryTime = function expiryTime(now) {
   if (this.maxAge != null) {
     var relativeTo = now || this.creation || new Date();
     var age = (this.maxAge <= 0) ? -Infinity : this.maxAge*1000;
     return relativeTo.getTime() + age;
   }
 
   if (this.expires == Infinity) {
     return Infinity;
   }
   return this.expires.getTime();
 };
 
 // expiryDate() replaces the "expiry-time" parts of S5.3 step 3 (setCookie()
 // elsewhere), except it returns a Date
 Cookie.prototype.expiryDate = function expiryDate(now) {
   var millisec = this.expiryTime(now);
   if (millisec == Infinity) {
     return new Date(MAX_TIME);
   } else if (millisec == -Infinity) {
     return new Date(MIN_TIME);
   } else {
     return new Date(millisec);
   }
 };
 
 // This replaces the "persistent-flag" parts of S5.3 step 3
 Cookie.prototype.isPersistent = function isPersistent() {
   return (this.maxAge != null || this.expires != Infinity);
 };
 
 // Mostly S5.1.2 and S5.2.3:
 Cookie.prototype.cdomain =
 Cookie.prototype.canonicalizedDomain = function canonicalizedDomain() {
   if (this.domain == null) {
     return null;
   }
   return canonicalDomain(this.domain);
 };
 
 function CookieJar(store, options) {
   if (typeof options === "boolean") {
     options = {rejectPublicSuffixes: options};
   } else if (options == null) {
     options = {};
   }
   if (options.rejectPublicSuffixes != null) {
     this.rejectPublicSuffixes = options.rejectPublicSuffixes;
   }
   if (options.looseMode != null) {
     this.enableLooseMode = options.looseMode;
   }
 
   if (!store) {
     store = new MemoryCookieStore();
   }
   this.store = store;
 }
 CookieJar.prototype.store = null;
 CookieJar.prototype.rejectPublicSuffixes = true;
 CookieJar.prototype.enableLooseMode = false;
 var CAN_BE_SYNC = [];
 
 CAN_BE_SYNC.push('setCookie');
 CookieJar.prototype.setCookie = function(cookie, url, options, cb) {
   var err;
   var context = getCookieContext(url);
   if (options instanceof Function) {
     cb = options;
     options = {};
   }
 
   var host = canonicalDomain(context.hostname);
   var loose = this.enableLooseMode;
   if (options.loose != null) {
     loose = options.loose;
   }
 
   // S5.3 step 1
   if (!(cookie instanceof Cookie)) {
     cookie = Cookie.parse(cookie, { loose: loose });
   }
   if (!cookie) {
     err = new Error("Cookie failed to parse");
     return cb(options.ignoreError ? null : err);
   }
 
   // S5.3 step 2
   var now = options.now || new Date(); // will assign later to save effort in the face of errors
 
   // S5.3 step 3: NOOP; persistent-flag and expiry-time is handled by getCookie()
 
   // S5.3 step 4: NOOP; domain is null by default
 
   // S5.3 step 5: public suffixes
   if (this.rejectPublicSuffixes && cookie.domain) {
     var suffix = pubsuffix.getPublicSuffix(cookie.cdomain());
     if (suffix == null) { // e.g. "com"
       err = new Error("Cookie has domain set to a public suffix");
       return cb(options.ignoreError ? null : err);
     }
   }
 
   // S5.3 step 6:
   if (cookie.domain) {
     if (!domainMatch(host, cookie.cdomain(), false)) {
       err = new Error("Cookie not in this host's domain. Cookie:"+cookie.cdomain()+" Request:"+host);
       return cb(options.ignoreError ? null : err);
     }
 
     if (cookie.hostOnly == null) { // don't reset if already set
       cookie.hostOnly = false;
     }
 
   } else {
     cookie.hostOnly = true;
     cookie.domain = host;
   }
 
   //S5.2.4 If the attribute-value is empty or if the first character of the
   //attribute-value is not %x2F ("/"):
   //Let cookie-path be the default-path.
   if (!cookie.path || cookie.path[0] !== '/') {
     cookie.path = defaultPath(context.pathname);
     cookie.pathIsDefault = true;
   }
 
   // S5.3 step 8: NOOP; secure attribute
   // S5.3 step 9: NOOP; httpOnly attribute
 
   // S5.3 step 10
   if (options.http === false && cookie.httpOnly) {
     err = new Error("Cookie is HttpOnly and this isn't an HTTP API");
     return cb(options.ignoreError ? null : err);
   }
 
   var store = this.store;
 
   if (!store.updateCookie) {
     store.updateCookie = function(oldCookie, newCookie, cb) {
       this.putCookie(newCookie, cb);
     };
   }
 
   function withCookie(err, oldCookie) {
     if (err) {
       return cb(err);
     }
 
     var next = function(err) {
       if (err) {
         return cb(err);
       } else {
         cb(null, cookie);
       }
     };
 
     if (oldCookie) {
       // S5.3 step 11 - "If the cookie store contains a cookie with the same name,
       // domain, and path as the newly created cookie:"
       if (options.http === false && oldCookie.httpOnly) { // step 11.2
         err = new Error("old Cookie is HttpOnly and this isn't an HTTP API");
         return cb(options.ignoreError ? null : err);
       }
       cookie.creation = oldCookie.creation; // step 11.3
       cookie.creationIndex = oldCookie.creationIndex; // preserve tie-breaker
       cookie.lastAccessed = now;
       // Step 11.4 (delete cookie) is implied by just setting the new one:
       store.updateCookie(oldCookie, cookie, next); // step 12
 
     } else {
       cookie.creation = cookie.lastAccessed = now;
       store.putCookie(cookie, next); // step 12
     }
   }
 
   store.findCookie(cookie.domain, cookie.path, cookie.key, withCookie);
 };
 
 // RFC6365 S5.4
 CAN_BE_SYNC.push('getCookies');
 CookieJar.prototype.getCookies = function(url, options, cb) {
   var context = getCookieContext(url);
   if (options instanceof Function) {
     cb = options;
     options = {};
   }
 
   var host = canonicalDomain(context.hostname);
   var path = context.pathname || '/';
 
   var secure = options.secure;
   if (secure == null && context.protocol &&
       (context.protocol == 'https:' || context.protocol == 'wss:'))
   {
     secure = true;
   }
 
   var http = options.http;
   if (http == null) {
     http = true;
   }
 
   var now = options.now || Date.now();
   var expireCheck = options.expire !== false;
   var allPaths = !!options.allPaths;
   var store = this.store;
 
   function matchingCookie(c) {
     // "Either:
     //   The cookie's host-only-flag is true and the canonicalized
     //   request-host is identical to the cookie's domain.
     // Or:
     //   The cookie's host-only-flag is false and the canonicalized
     //   request-host domain-matches the cookie's domain."
     if (c.hostOnly) {
       if (c.domain != host) {
         return false;
       }
     } else {
       if (!domainMatch(host, c.domain, false)) {
         return false;
       }
     }
 
     // "The request-uri's path path-matches the cookie's path."
     if (!allPaths && !pathMatch(path, c.path)) {
       return false;
     }
 
     // "If the cookie's secure-only-flag is true, then the request-uri's
     // scheme must denote a "secure" protocol"
     if (c.secure && !secure) {
       return false;
     }
 
     // "If the cookie's http-only-flag is true, then exclude the cookie if the
     // cookie-string is being generated for a "non-HTTP" API"
     if (c.httpOnly && !http) {
       return false;
     }
 
     // deferred from S5.3
     // non-RFC: allow retention of expired cookies by choice
     if (expireCheck && c.expiryTime() <= now) {
       store.removeCookie(c.domain, c.path, c.key, function(){}); // result ignored
       return false;
     }
 
     return true;
   }
 
   store.findCookies(host, allPaths ? null : path, function(err,cookies) {
     if (err) {
       return cb(err);
     }
 
     cookies = cookies.filter(matchingCookie);
 
     // sorting of S5.4 part 2
     if (options.sort !== false) {
       cookies = cookies.sort(cookieCompare);
     }
 
     // S5.4 part 3
     var now = new Date();
     cookies.forEach(function(c) {
       c.lastAccessed = now;
     });
     // TODO persist lastAccessed
 
     cb(null,cookies);
   });
 };
 
 CAN_BE_SYNC.push('getCookieString');
 CookieJar.prototype.getCookieString = function(/*..., cb*/) {
   var args = Array.prototype.slice.call(arguments,0);
   var cb = args.pop();
   var next = function(err,cookies) {
     if (err) {
       cb(err);
     } else {
       cb(null, cookies
         .sort(cookieCompare)
         .map(function(c){
           return c.cookieString();
         })
         .join('; '));
     }
   };
   args.push(next);
   this.getCookies.apply(this,args);
 };
 
 CAN_BE_SYNC.push('getSetCookieStrings');
 CookieJar.prototype.getSetCookieStrings = function(/*..., cb*/) {
   var args = Array.prototype.slice.call(arguments,0);
   var cb = args.pop();
   var next = function(err,cookies) {
     if (err) {
       cb(err);
     } else {
       cb(null, cookies.map(function(c){
         return c.toString();
       }));
     }
   };
   args.push(next);
   this.getCookies.apply(this,args);
 };
 
 CAN_BE_SYNC.push('serialize');
 CookieJar.prototype.serialize = function(cb) {
   var type = this.store.constructor.name;
   if (type === 'Object') {
     type = null;
   }
 
   // update README.md "Serialization Format" if you change this, please!
   var serialized = {
     // The version of tough-cookie that serialized this jar. Generally a good
     // practice since future versions can make data import decisions based on
     // known past behavior. When/if this matters, use `semver`.
     version: 'tough-cookie@'+VERSION,
 
     // add the store type, to make humans happy:
     storeType: type,
 
     // CookieJar configuration:
     rejectPublicSuffixes: !!this.rejectPublicSuffixes,
 
     // this gets filled from getAllCookies:
     cookies: []
   };
 
   if (!(this.store.getAllCookies &&
         typeof this.store.getAllCookies === 'function'))
   {
     return cb(new Error('store does not support getAllCookies and cannot be serialized'));
   }
 
   this.store.getAllCookies(function(err,cookies) {
     if (err) {
       return cb(err);
     }
 
     serialized.cookies = cookies.map(function(cookie) {
       // convert to serialized 'raw' cookies
       cookie = (cookie instanceof Cookie) ? cookie.toJSON() : cookie;
 
       // Remove the index so new ones get assigned during deserialization
       delete cookie.creationIndex;
 
       return cookie;
     });
 
     return cb(null, serialized);
   });
 };
 
 // well-known name that JSON.stringify calls
 CookieJar.prototype.toJSON = function() {
   return this.serializeSync();
 };
 
 // use the class method CookieJar.deserialize instead of calling this directly
 CAN_BE_SYNC.push('_importCookies');
 CookieJar.prototype._importCookies = function(serialized, cb) {
   var jar = this;
   var cookies = serialized.cookies;
   if (!cookies || !Array.isArray(cookies)) {
     return cb(new Error('serialized jar has no cookies array'));
   }
   cookies = cookies.slice(); // do not modify the original
 
   function putNext(err) {
     if (err) {
       return cb(err);
     }
 
     if (!cookies.length) {
       return cb(err, jar);
     }
 
     var cookie;
     try {
       cookie = fromJSON(cookies.shift());
     } catch (e) {
       return cb(e);
     }
 
     if (cookie === null) {
       return putNext(null); // skip this cookie
     }
 
     jar.store.putCookie(cookie, putNext);
   }
 
   putNext();
 };
 
 CookieJar.deserialize = function(strOrObj, store, cb) {
   if (arguments.length !== 3) {
     // store is optional
     cb = store;
     store = null;
   }
 
   var serialized;
   if (typeof strOrObj === 'string') {
     serialized = jsonParse(strOrObj);
     if (serialized instanceof Error) {
       return cb(serialized);
     }
   } else {
     serialized = strOrObj;
   }
 
   var jar = new CookieJar(store, serialized.rejectPublicSuffixes);
   jar._importCookies(serialized, function(err) {
     if (err) {
       return cb(err);
     }
     cb(null, jar);
   });
 };
 
 CookieJar.deserializeSync = function(strOrObj, store) {
   var serialized = typeof strOrObj === 'string' ?
     JSON.parse(strOrObj) : strOrObj;
   var jar = new CookieJar(store, serialized.rejectPublicSuffixes);
 
   // catch this mistake early:
   if (!jar.store.synchronous) {
     throw new Error('CookieJar store is not synchronous; use async API instead.');
   }
 
   jar._importCookiesSync(serialized);
   return jar;
 };
 CookieJar.fromJSON = CookieJar.deserializeSync;
 
 CookieJar.prototype.clone = function(newStore, cb) {
   if (arguments.length === 1) {
     cb = newStore;
     newStore = null;
   }
 
   this.serialize(function(err,serialized) {
     if (err) {
       return cb(err);
     }
     CookieJar.deserialize(serialized, newStore, cb);
   });
 };
 
 CAN_BE_SYNC.push('removeAllCookies');
 CookieJar.prototype.removeAllCookies = function(cb) {
   var store = this.store;
 
   // Check that the store implements its own removeAllCookies(). The default
   // implementation in Store will immediately call the callback with a "not
   // implemented" Error.
   if (store.removeAllCookies instanceof Function &&
       store.removeAllCookies !== Store.prototype.removeAllCookies)
   {
     return store.removeAllCookies(cb);
   }
 
   store.getAllCookies(function(err, cookies) {
     if (err) {
       return cb(err);
     }
 
     if (cookies.length === 0) {
       return cb(null);
     }
 
     var completedCount = 0;
     var removeErrors = [];
 
     function removeCookieCb(removeErr) {
       if (removeErr) {
         removeErrors.push(removeErr);
       }
 
       completedCount++;
 
       if (completedCount === cookies.length) {
         return cb(removeErrors.length ? removeErrors[0] : null);
       }
     }
 
     cookies.forEach(function(cookie) {
       store.removeCookie(cookie.domain, cookie.path, cookie.key, removeCookieCb);
     });
   });
 };
 
 CookieJar.prototype._cloneSync = syncWrap('clone');
 CookieJar.prototype.cloneSync = function(newStore) {
   if (!newStore.synchronous) {
     throw new Error('CookieJar clone destination store is not synchronous; use async API instead.');
   }
   return this._cloneSync(newStore);
 };
 
 // Use a closure to provide a true imperative API for synchronous stores.
 function syncWrap(method) {
   return function() {
     if (!this.store.synchronous) {
       throw new Error('CookieJar store is not synchronous; use async API instead.');
     }
 
     var args = Array.prototype.slice.call(arguments);
     var syncErr, syncResult;
     args.push(function syncCb(err, result) {
       syncErr = err;
       syncResult = result;
     });
     this[method].apply(this, args);
 
     if (syncErr) {
       throw syncErr;
     }
     return syncResult;
   };
 }
 
 // wrap all declared CAN_BE_SYNC methods in the sync wrapper
 CAN_BE_SYNC.forEach(function(method) {
   CookieJar.prototype[method+'Sync'] = syncWrap(method);
 });
 
 exports.version = VERSION;
 exports.CookieJar = CookieJar;
 exports.Cookie = Cookie;
 exports.Store = Store;
 exports.MemoryCookieStore = MemoryCookieStore;
 exports.parseDate = parseDate;
 exports.formatDate = formatDate;
 exports.parse = parse;
 exports.fromJSON = fromJSON;
 exports.domainMatch = domainMatch;
 exports.defaultPath = defaultPath;
 exports.pathMatch = pathMatch;
 exports.getPublicSuffix = pubsuffix.getPublicSuffix;
 exports.cookieCompare = cookieCompare;
 exports.permuteDomain = require('./permuteDomain').permuteDomain;
 exports.permutePath = permutePath;
 exports.canonicalDomain = canonicalDomain;