fix: [#1162] Allow to use secure flag for cookies on "http://localhost"

Co-authored-by: David Ortner <david@ortner.se>

Author: karpiuMG

packages/happy-dom/src/cookie/urilities/CookieURLUtility.ts

@@ -14,8 +14,9 @@ export default class CookieURLUtility {
 	 * @returns "true" if cookie matches URL.
 	 */
 	public static cookieMatchesURL(cookie: ICookie, url: URL): boolean {
+		const isLocalhost = url.hostname === 'localhost' || url.hostname.endsWith('.localhost');
 		return (
-			(!cookie.secure || url.protocol === 'https:') &&
+			(!cookie.secure || url.protocol === 'https:' || isLocalhost) &&
 			(!cookie.domain || url.hostname.endsWith(cookie.domain)) &&
 			(!cookie.path || url.pathname.startsWith(cookie.path)) &&
 			// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

packages/happy-dom/test/cookie/CookieContainer.test.ts

@@ -163,6 +163,21 @@ describe('CookieContainer', () => {
 			).toBe('__secure-key=value');
 		});
 
+		it('Validates secure cookie keys for localhost', () => {
+			const originURL = new URL('http://localhost');
+			const targetURL = new URL('http://localhost');
+
+			expect(CookieStringUtility.stringToCookie(originURL, `__secure-key=value`)).toBe(null);
+
+			cookieContainer.addCookies([
+				<ICookie>CookieStringUtility.stringToCookie(originURL, `__secure-key=value; Secure;`)
+			]);
+
+			expect(
+				CookieStringUtility.cookiesToString(cookieContainer.getCookies(targetURL, false))
+			).toBe('__secure-key=value');
+		});
+
 		it('Validates host cookie keys.', () => {
 			const originURL = new URL('https://example.com/path/to/page/');
 			const targetURL = new URL('https://example.com/path/to/page/');