Check if the scheme is http(s) and the host is non-nil in URI.

lib/http/cookie.rb

@@ -342,6 +342,7 @@ class HTTP::Cookie
 
   def acceptable_from_uri?(uri)
     uri = URI(uri)
+    return false unless URI::HTTP === uri && uri.host
     host = DomainName.new(uri.host)
 
     # RFC 6265 5.3
@@ -359,11 +360,11 @@ class HTTP::Cookie
   end
 
   def valid_for_uri?(uri)
-    uri = URI(uri)
     if @domain.nil?
       raise "cannot tell if this cookie is valid because the domain is unknown"
     end
-    return false if secure? && uri.scheme != 'https'
+    uri = URI(uri)
+    return false if secure? && !(URI::HTTPS === uri)
     acceptable_from_uri?(uri) && HTTP::Cookie.normalize_path(uri.path).start_with?(@path)
   end
 

test/test_http_cookie.rb

@@ -576,6 +576,7 @@ class TestHTTPCookie < Test::Unit::TestCase
     assert_equal false, cookie.valid_for_uri?(URI('http://www.example.com/dir/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('https://www.example.com/dir2/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('http://www.example.com/dir2/test.html'))
+    assert_equal false, cookie.valid_for_uri?(URI('file:///dir/test.html'))
 
     cookie = HTTP::Cookie.parse('a=b; path=/dir2/', :origin => URI('http://example.com/dir/file.html')).first
     assert_equal false, cookie.valid_for_uri?(URI('https://example.com/dir/test.html'))
@@ -586,6 +587,7 @@ class TestHTTPCookie < Test::Unit::TestCase
     assert_equal false, cookie.valid_for_uri?(URI('http://www.example.com/dir/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('https://www.example.com/dir2/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('http://www.example.com/dir2/test.html'))
+    assert_equal false, cookie.valid_for_uri?(URI('file:///dir/test.html'))
 
     cookie = HTTP::Cookie.parse('a=b; domain=example.com; path=/dir2/', :origin => URI('http://example.com/dir/file.html')).first
     assert_equal false, cookie.valid_for_uri?(URI('https://example.com/dir/test.html'))
@@ -596,15 +598,18 @@ class TestHTTPCookie < Test::Unit::TestCase
     assert_equal false, cookie.valid_for_uri?(URI('http://www.example.com/dir/test.html'))
     assert_equal true, cookie.valid_for_uri?(URI('https://www.example.com/dir2/test.html'))
     assert_equal true, cookie.valid_for_uri?(URI('http://www.example.com/dir2/test.html'))
+    assert_equal false, cookie.valid_for_uri?(URI('file:///dir2/test.html'))
 
     cookie = HTTP::Cookie.parse('a=b; secure', :origin => URI('https://example.com/dir/file.html')).first
     assert_equal true,  cookie.valid_for_uri?(URI('https://example.com/dir/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('http://example.com/dir/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('https://example.com/dir2/test.html'))
     assert_equal false, cookie.valid_for_uri?(URI('http://example.com/dir2/test.html'))
+    assert_equal false, cookie.valid_for_uri?(URI('file:///dir2/test.html'))
 
     cookie = HTTP::Cookie.parse('a=b', :origin => URI('https://example.com/')).first
     assert_equal true,  cookie.valid_for_uri?(URI('https://example.com'))
+    assert_equal false, cookie.valid_for_uri?(URI('file:///'))
   end
 
   def test_migration

test/test_http_cookie_jar.rb

@@ -270,6 +270,14 @@ class TestHTTPCookieJar < Test::Unit::TestCase
     assert_equal(0, @jar.cookies(url).length)
   end
 
+  def test_cookies_no_host
+    url = URI 'file:///path/'
+
+    assert_raises(ArgumentError) {
+      @jar.add(HTTP::Cookie.new(cookie_values(:origin => url)))
+    }
+  end
+
   def test_clear
     url = URI 'http://rubyforge.org/'