[PR #7821/366ba40f backport][3.9] Only check origin if insecure scheme and there are origins to treat as secure, in CookieJar.filter_cookies() (#7825)

patchback[bot] · Rongronggg9 · web-flow · commit c0f9017a9a34 · 2023-11-12T21:10:34.000Z
**This is a backport of PR #7821 as merged into master (366ba40).** Co-authored-by: Rongrong <i@rong.moe>
diff --git a/CHANGES/7821.feature b/CHANGES/7821.feature
@@ -0,0 +1 @@
+Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.
diff --git a/aiohttp/cookiejar.py b/aiohttp/cookiejar.py
@@ -248,14 +248,13 @@ def filter_cookies(
             return filtered
         request_url = URL(request_url)
         hostname = request_url.raw_host or ""
-        request_origin = URL()
-        with contextlib.suppress(ValueError):
-            request_origin = request_url.origin()
 
-        is_not_secure = (
-            request_url.scheme not in ("https", "wss")
-            and request_origin not in self._treat_as_secure_origin
-        )
+        is_not_secure = request_url.scheme not in ("https", "wss")
+        if is_not_secure and self._treat_as_secure_origin:
+            request_origin = URL()
+            with contextlib.suppress(ValueError):
+                request_origin = request_url.origin()
+            is_not_secure = request_origin not in self._treat_as_secure_origin
 
         # Point 2: https://www.rfc-editor.org/rfc/rfc6265.html#section-5.4
         for cookie in sorted(self, key=lambda c: len(c["path"])):

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Only check origin if insecure scheme and there are origins to treat as secure, in ``CookieJar.filter_cookies()``.