| author | Roberto Clapis <roberto@golang.org> | 2020-09-22 17:57:06 +0200 |
|---|---|---|
| committer | Roberto Clapis <roberto@golang.org> | 2020-10-08 08:53:13 +0000 |
| commit | 542693e00529fbb4248fac614ece68b127a5ec4d (patch) | |
| tree | ab4a3ddeba31be4db46c5d7683140500c53f3c28 /src | |
| parent | 5d1378143bc07791296abb420df35537ad80492f (diff) | |
net/http: make SameSiteDefaultMode behavior match the specification
The current specification does not foresee a SameSite attribute without
a value. While the existing implementation would serialize SameSite in a
way that would likely be ignored by well-implemented clients, it is
better to not rely on this kind of quirk.
Specification: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.1
Fixes #36990
Change-Id: Ie51152741d7e84bab64d3e4e4f780286932acbde
Reviewed-on: https://go-review.googlesource.com/c/go/+/256498
Trust: Roberto Clapis <roberto@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/net/http/cookie.go | 2 | ||||
| -rw-r--r-- | src/net/http/cookie_test.go | 11 |
2 files changed, 11 insertions, 2 deletions
diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index d7a8f5e94e..141bc947f6 100644
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -220,7 +220,7 @@ func (c *Cookie) String() string {
 }
 switch c.SameSite {
 case SameSiteDefaultMode:
- b.WriteString("; SameSite")
+ // Skip, default mode is obtained by not emitting the attribute.
 case SameSiteNoneMode:
 b.WriteString("; SameSite=None")
 case SameSiteLaxMode:
diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go
index 9e8196ebce..959713a0dc 100644
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@@ -67,7 +67,7 @@ var writeSetCookiesTests = []struct {
 },
 {
 &Cookie{Name: "cookie-12", Value: "samesite-default", SameSite: SameSiteDefaultMode},
- "cookie-12=samesite-default; SameSite",
+ "cookie-12=samesite-default",
 },
 {
 &Cookie{Name: "cookie-13", Value: "samesite-lax", SameSite: SameSiteLaxMode},
@@ -283,6 +283,15 @@ var readSetCookiesTests = []struct {
 }},
 },
 {
+ Header{"Set-Cookie": {"samesiteinvalidisdefault=foo; SameSite=invalid"}},
+ []*Cookie{{
+ Name: "samesiteinvalidisdefault",
+ Value: "foo",
+ SameSite: SameSiteDefaultMode,
+ Raw: "samesiteinvalidisdefault=foo; SameSite=invalid",
+ }},
+ },
+ {
 Header{"Set-Cookie": {"samesitelax=foo; SameSite=Lax"}},
 []*Cookie{{
 Name: "samesitelax",
|
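Review bot: The new comment in the `case SameSiteDefaultMode:` arm of `(*Cookie).String` does not say what a caller actually gets: with nothing emitted, cross-site handling of the cookie is left to the receiving client's own default, which is not the same across browsers and versions. I would word it as `// Skip: omitting the attribute leaves SameSite enforcement to the client's default.` The doc comment on the SameSite constants appears to sit outside this hunk; it would be worth stating there that code relying on SameSite as a CSRF defence should set `SameSiteLaxMode` or `SameSiteStrictMode` explicitly rather than the default mode. The switch and the rest of `String` continue outside the hunk.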
