gh-135768: fix allowed/blocked IPv6 domains in http.cookiejar

Lib/http/cookiejar.py

@@ -533,14 +533,20 @@ def parse_ns_headers(ns_headers):
 
 
 IPV4_RE = re.compile(r"\.\d+$", re.ASCII)
+def is_ip(text):
+    """Return True if text is a valid IP address."""
+    from ipaddress import ip_address
+    try:
+        ip_address(text)
+    except ValueError:
+        return False
+    return True
 def is_HDN(text):
     """Return True if text is a host domain name."""
     # XXX
     # This may well be wrong.  Which RFC is HDN defined in, if any (for
     #  the purposes of RFC 2965)?
-    # For the current implementation, what about IPv6?  Remember to look
-    #  at other uses of IPV4_RE also, if change this.
-    if IPV4_RE.search(text):
+    if is_ip(text):
         return False
     if text == "":
         return False
@@ -593,9 +599,7 @@ def liberal_is_HDN(text):
     For accepting/blocking domains.
 
     """
-    if IPV4_RE.search(text):
-        return False
-    return True
+    return not is_ip(text)
 
 def user_domain_match(A, B):
     """For blocking/accepting domains.
@@ -607,7 +611,6 @@ def user_domain_match(A, B):
     B = B.lower()
     if not (liberal_is_HDN(A) and liberal_is_HDN(B)):
         if A == B:
-            # equal IP addresses
             return True
         return False
     initial_dot = B.startswith(".")
@@ -641,7 +644,8 @@ def eff_request_host(request):
 
     """
     erhn = req_host = request_host(request)
-    if "." not in req_host:
+    if "." not in req_host and '[' not in req_host:
+        # detect '[' mainly for IPv6 addr like [::1]
         erhn = req_host + ".local"
     return req_host, erhn
 

Misc/NEWS.d/next/Library/2025-06-20-17-03-51.gh-issue-135768.DhUJWf.rst

@@ -0,0 +1 @@
+:mod:`http.cookiejar` now supports IPv6 address in blocked_domains and allowed_domains of class DefaultCookiePolicy