From 3952d35abe334a0e6afd1f6e34a74d984d1e9d24 Mon Sep 17 00:00:00 2001
From: Chirayu Krishnappa
Date: Fri, 10 May 2013 19:17:56 -0700
Subject: fix($browser): should use first value for a cookie.

With this change, $browser.cookies()["foo"] will behave like
docCookies.getItem("foo") where docCookies is defined at
https://developer.mozilla.org/en-US/docs/DOM/document.cookie

This fixes the issue where, if there's a value for the XSRF-TOKEN cookie
value with the path /, then that value is used for all applications in
the domain even if they set path specific values for XSRF-TOKEN.

Closes #2635
---
 src/ng/browser.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/ng/browser.js')

diff --git a/src/ng/browser.js b/src/ng/browser.js
index bda372be..7a32993f 100644
--- a/src/ng/browser.js
+++ b/src/ng/browser.js
@@ -297,7 +297,13 @@ function Browser(window, document, $log, $sniffer) {
           cookie = cookieArray[i];
           index = cookie.indexOf('=');
           if (index > 0) { //ignore nameless cookies
-            lastCookies[unescape(cookie.substring(0, index))] = unescape(cookie.substring(index + 1));
+            var name = unescape(cookie.substring(0, index));
+            // the first value that is seen for a cookie is the most
+            // specific one.  values for the same cookie name that
+            // follow are for less specific paths.
+            if (lastCookies[name] === undefined) {
+              lastCookies[name] = unescape(cookie.substring(index + 1));
+            }
           }
         }
       }
-- 
cgit v1.2.3