diff options
| author | darmiel <71837281+darmiel@users.noreply.github.com> | 2022-05-04 12:39:49 +0000 |
|---|---|---|
| committer | Damien Neil <dneil@google.com> | 2022-08-12 16:22:39 +0000 |
| commit | 2cf49a76b674ee5075f3ed6ff857c5b3e7a8109a (patch) | |
| tree | 875cc8431a473556f6b1abe5ab1429aeb2ebffcc /src/net/http | |
| parent | 57c1edcaec010874ed4a8491ca4ba3a2dda77339 (diff) | |
| download | go-2cf49a76b674ee5075f3ed6ff857c5b3e7a8109a.tar.xz | |
net/http: trim cookie names
The current implementation ignores cookies where the
cookie name starts or ends with a space. For example,
name =value
is ignored.
I have come across pages that send cookies in this weird format.
I tested with the latest versions of Firefox, Safari and Chrome,
all of which accept cookies in this format.
To do this, I remove leading and trailing spaces from the
cookie name after cutting at '='.
Change-Id: I8fd0c37a2113b6ce75712dd43607d1ea55e86c68
GitHub-Last-Rev: 368f50fcb4c7537b90249c3c497e61dc81038f6e
GitHub-Pull-Request: golang/go#52121
Reviewed-on: https://go-review.googlesource.com/c/go/+/397734
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Diffstat (limited to 'src/net/http')
| -rw-r--r-- | src/net/http/cookie.go | 2 | ||||
| -rw-r--r-- | src/net/http/cookie_test.go | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go index 9cb0804f8f..e9fd599392 100644 --- a/src/net/http/cookie.go +++ b/src/net/http/cookie.go @@ -73,6 +73,7 @@ func readSetCookies(h Header) []*Cookie { if !ok { continue } + name = textproto.TrimString(name) if !isCookieNameValid(name) { continue } @@ -291,6 +292,7 @@ func readCookies(h Header, filter string) []*Cookie { continue } name, val, _ := strings.Cut(part, "=") + name = textproto.TrimString(name) if !isCookieNameValid(name) { continue } diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go index ccc5f98091..0db138e4f1 100644 --- a/src/net/http/cookie_test.go +++ b/src/net/http/cookie_test.go @@ -352,6 +352,12 @@ var readSetCookiesTests = []struct { Header{"Set-Cookie": {`special-8=","`}}, []*Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}}, }, + // Make sure we can properly read back the Set-Cookie headers + // for names containing spaces: + { + Header{"Set-Cookie": {`special-9 =","`}}, + []*Cookie{{Name: "special-9", Value: ",", Raw: `special-9 =","`}}, + }, // TODO(bradfitz): users have reported seeing this in the // wild, but do browsers handle it? RFC 6265 just says "don't |