Cookies Set on Wrong Domain When Redirects Disabled

[zerooverride]

Expected Behavior

When a request (with Follow redirects disabled) to originaldomain.com results in a response with

Location: otherdomain.com
Set-Cookie: foo=bar

I expect the foo=bar cookie is set with domain originaldomain.com.

Actual Behavior

When a request (with Follow redirects disabled) to originaldomain.com results in a response with

Location: otherdomain.com
Set-Cookie: foo=bar

The foo=bar cookie is being set with domain otherdomain.com instead of originaldomain.com.

When Follow redirects is enabled, this works as expected.

Reproduction Steps

1. Disable Follow redirects in Insomnia preferences
2. Visit a site that returns a 307 response with a location header of a different domain and a set-cookie header without a domain attribute (my test endpoints do not include a domain attribute in the cookie response so maybe that is related, I have not tested when a domain is included)
3. Observe that cookie in insomnia is linked to the domain in the location header instead of the original requested domain, which returned the set-cookie header

Is there an existing issue for this?

• I have searched the issue tracker for this problem.

Which sync method do you use?

• Git sync.
• Insomnia Cloud sync.
• Local only

Additional Information

When Follow redirects is enabled the cookie is set correctly on the original domain.

This is somewhat similar to #6478 but that is about when Follow redirects is enabled and a cookie is set by the second domain. This is about when Follow redirects is disabled and the original domain attempts to set a cookie.

Originally found issue on version 2023.5.8 of Insomnia, upgraded to 10.3.1 hoping it was fixed, but it is not.

Insomnia Version

10.3.1

What operating system are you using?

Windows

Operating System Version

Windows 11 Version 22H2

Installation method

download from insomnia.rest

Last Known Working Insomnia version

No response