path: root/src/net/http/cookie.go
Age | Commit message | Author
2025-12-05 | all: fix some comment issues | cuishuang
Change-Id: I5dec35b1432705b3a52859c38e758220282226af Reviewed-on: https://go-review.googlesource.com/c/go/+/726700 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sean Liao <sean@liao.dev> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2025-10-07 | net/http: add httpcookiemaxnum GODEBUG option to limit number of cookies parsed | Nicholas Husin
When handling HTTP headers, net/http does not currently limit the number of cookies that can be parsed. The only limitation that exists is for the size of the entire HTTP header, which is controlled by MaxHeaderBytes (defaults to 1 MB). Unfortunately, this allows a malicious actor to send HTTP headers which contain a massive amount of small cookies, such that as many cookies as possible can be fitted within the MaxHeaderBytes limitation. Internally, this causes us to allocate a massive number of Cookie structs. For example, a 1 MB HTTP header with cookies that repeat "a=;" will cause an allocation of ~66 MB in the heap. This can serve as a way for malicious actors to induce memory exhaustion. To fix this, we will now limit the number of cookies we are willing to parse to 3000 by default. This behavior can be changed by setting a new GODEBUG option: GODEBUG=httpcookiemaxnum. httpcookiemaxnum can be set to allow a higher or lower cookie limit. Setting it to 0 will also allow an infinite number of cookies to be parsed. Thanks to jub0bs for reporting this issue. For #75672 Fixes CVE-2025-58186 Change-Id: Ied58b3bc8acf5d11c880f881f36ecbf1d5d52622 Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/2720 Reviewed-by: Roland Shoemaker <bracewell@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-on: https://go-review.googlesource.com/c/go/+/709855 Reviewed-by: Carlos Amedee <carlos@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Michael Pratt <mpratt@google.com>
2025-09-04 | net/http: fix cookie value of "" being interpreted as empty string. | Nicholas S. Husin
In issue #46443, we have established that double-quotes in cookie values should be kept as part of the value, rather than being discarded. However, we have missed the edge case of "" until now. This CL fixes said edge case. Fixes #75244 Change-Id: I627ad2376931514aa5dcc8961ad804e42b7d9434 Reviewed-on: https://go-review.googlesource.com/c/go/+/700755 Reviewed-by: Nicholas Husin <husin@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com>
2025-03-04 | net/http: speed up cookie and method validation | Julien Cretel
Fixes #67031 Change-Id: I1d764afdc7e50d61007f5f71a674eb6872ce507a GitHub-Last-Rev: 869535e843d2133fa5279297b002dd96725384e0 GitHub-Pull-Request: golang/go#71798 Reviewed-on: https://go-review.googlesource.com/c/go/+/650195 Auto-Submit: Sean Liao <sean@liao.dev> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sean Liao <sean@liao.dev> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
2024-05-22 | net/http: add partitioned attribute to cookie type | islishude
Fixes #62490 Change-Id: Ibe7df96f50275c9321462e994a962031cb1f3018 GitHub-Last-Rev: 7df8738b804c3d82460eec1fc4acd7c6ad733fe1 GitHub-Pull-Request: golang/go#62499 Reviewed-on: https://go-review.googlesource.com/c/go/+/526435 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Théo Dury <tdury2@gmail.com>
2024-04-19 | net/http: add field Cookie.Quoted bool | Nuno Gonçalves
The current implementation of the http package strips double quotes from the cookie-value during parsing, resulting in the serialized cookie not including them. This patch addresses this limitation by introducing a new field to track whether the original value was enclosed in quotes. Additionally, the internal representation of a cookie in the cookiejar package has been adjusted to align with the new representation. The syntax of cookies is outlined in RFC 6265 Section 4.1.1: https://datatracker.ietf.org/doc/html/rfc6265\#section-4.1.1 Fixes #46443 Change-Id: Iac12a56397d77a6060a75757ab0daeacc60457f3 GitHub-Last-Rev: a76440e741440cddaa05944b6828a14a32b5a44a GitHub-Pull-Request: golang/go#66752 Reviewed-on: https://go-review.googlesource.com/c/go/+/577755 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
2024-04-17 | net/http: add ParseCookie, ParseSetCookie | Jes Cok
Fixes #66008 Change-Id: I64acb7da47a03bdef955f394682004906245a18b Reviewed-on: https://go-review.googlesource.com/c/go/+/578275 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
2024-01-10 | net: add available godoc link | cui fliter
Change-Id: Ib7c4baf0247c421954aedabfbb6a6af8a08a8936 Reviewed-on: https://go-review.googlesource.com/c/go/+/540021 Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: shuang cui <imcusg@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
2022-11-18 | all: add missing periods in comments | cui fliter
Change-Id: I69065f8adf101fdb28682c55997f503013a50e29 Reviewed-on: https://go-review.googlesource.com/c/go/+/449757 Auto-Submit: Ian Lance Taylor <iant@google.com> Reviewed-by: Joedian Reid <joedian@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Keith Randall <khr@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Joedian Reid <joedian@golang.org> Run-TryBot: Ian Lance Taylor <iant@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com>
2022-08-15 | net/http: allow zero-valued Expires in Cookie.Valid | Amit Saha
The value of Expires is only checked when a value is set. This fixes the bug that a cookie with a zero-valued Expire was considered invalid, even though Expires is an optional field. Fixes #52989 Change-Id: I206c50e9b6ea2744a92c74673d589ce2aaa62670 Reviewed-on: https://go-review.googlesource.com/c/go/+/407654 Run-TryBot: Damien Neil <dneil@google.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org>
2022-08-12 | net/http: trim cookie names | darmiel
The current implementation ignores cookies where the cookie name starts or ends with a space. For example, name =value is ignored. I have come across pages that send cookies in this weird format. I tested with the latest versions of Firefox, Safari and Chrome, all of which accept cookies in this format. To do this, I remove leading and trailing spaces from the cookie name after cutting at '='. Change-Id: I8fd0c37a2113b6ce75712dd43607d1ea55e86c68 GitHub-Last-Rev: 368f50fcb4c7537b90249c3c497e61dc81038f6e GitHub-Pull-Request: golang/go#52121 Reviewed-on: https://go-review.googlesource.com/c/go/+/397734 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Damien Neil <dneil@google.com>
2022-04-11 | all: gofmt main repo | Russ Cox
[This CL is part of a sequence implementing the proposal #51082. The design doc is at https://go.dev/s/godocfmt-design.] Run the updated gofmt, which reformats doc comments, on the main repository. Vendored files are excluded. For #51082. Change-Id: I7332f099b60f716295fb34719c98c04eb1a85407 Reviewed-on: https://go-review.googlesource.com/c/go/+/384268 Reviewed-by: Jonathan Amsterdam <jba@google.com> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2022-04-01 | all: fix various doc comment formatting nits | Russ Cox
A run of lines that are indented with any number of spaces or tabs format as a <pre> block. This commit fixes various doc comments that format badly according to that (standard) rule. For example, consider:

    // - List item.
    //   Second line.
    // - Another item.

Because the - lines are unindented, this is actually two paragraphs separated by a one-line <pre> block. This CL rewrites it to:

    //  - List item.
    //    Second line.
    //  - Another item.

Today, that will format as a single <pre> block. In a future release, we hope to format it as a bulleted list. Various other minor fixes as well, all in preparation for reformatting. For #51082. Change-Id: I95cf06040d4186830e571cd50148be3bf8daf189 Reviewed-on: https://go-review.googlesource.com/c/go/+/384257 Trust: Russ Cox <rsc@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org>
2021-10-06 | net/http: add Cookie.Valid method | John Kelly
The (*http.Cookie).String method used by SetCookie will silently discard or sanitize any fields it deems invalid, making it difficult to tell whether a cookie will be sent as expected. This change introduces a new (*http.Cookie).Valid method which may be used to check if any cookie fields will be discarded or sanitized prior to calling (*http.Cookie).String. Fixes #46370 Change-Id: I2db80078de190d267a9c675a9717c8be8acc8704 Reviewed-on: https://go-review.googlesource.com/c/go/+/338590 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Cherry Mui <cherryyz@google.com> Trust: Damien Neil <dneil@google.com> Reviewed-by: Damien Neil <dneil@google.com>
2021-10-06 | all: use bytes.Cut, strings.Cut | Russ Cox
Many uses of Index/IndexByte/IndexRune/Split/SplitN can be written more clearly using the new Cut functions. Do that. Also rewrite to other functions if that's clearer. For #46336. Change-Id: I68d024716ace41a57a8bf74455c62279bde0f448 Reviewed-on: https://go-review.googlesource.com/c/go/+/351711 Trust: Russ Cox <rsc@golang.org> Run-TryBot: Russ Cox <rsc@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2021-05-10 | net/http: switch HTTP1 to ASCII equivalents of string functions | Roberto Clapis
The current implementation uses UTF-aware functions like strings.EqualFold and strings.ToLower. This could, in some cases, cause http smuggling. Change-Id: I0e76a993470a1e1b1b472f4b2859ea0a2b22ada0 Reviewed-on: https://go-review.googlesource.com/c/go/+/308009 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Trust: Roberto Clapis <roberto@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2020-10-08 | net/http: make SameSiteDefaultMode behavior match the specification | Roberto Clapis
The current specification does not foresee a SameSite attribute without a value. While the existing implementation would serialize SameSite in a way that would likely be ignored by well-implemented clients, it is better to not rely on this kind of quirk. Specification: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.1 Fixes #36990 Change-Id: Ie51152741d7e84bab64d3e4e4f780286932acbde Reviewed-on: https://go-review.googlesource.com/c/go/+/256498 Trust: Roberto Clapis <roberto@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2020-05-06 | net/http: use ASCII space trimming throughout | Filippo Valsorda
Security hardening against HTTP request smuggling. Thank you to ZeddYu for reporting this issue. Change-Id: I98bd9f8ffe58360fc3bca9dc5d9a106773e55373 Reviewed-on: https://go-review.googlesource.com/c/go/+/231419 Reviewed-by: Katie Hockman <katie@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-10-22 | net/http: update sanitizeCookieValue description | Brave Cow
Commit 8f6d68eb (CL 37328) changed the code of sanitizeCookieValue without updating its description. Change-Id: Ib4a1a1f316548258b828458a31b09706bbd59b53 GitHub-Last-Rev: 9731494e177d909f33dd7d5ecfe1fd1a1c88a3e1 GitHub-Pull-Request: golang/go#34790 Reviewed-on: https://go-review.googlesource.com/c/go/+/200041 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2019-05-06 | net/http: add support for SameSite=None | Vivek Sekhar
Section 4.2 of the Internet-Draft for SameSite includes the possible SameSite value of "None". https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 Change-Id: I44f246024429ec175db13ff6b36bee465f3d233d GitHub-Last-Rev: 170d24aaca4f00d750fca88740100f7c0b440d19 GitHub-Pull-Request: golang/go#31842 Reviewed-on: https://go-review.googlesource.com/c/go/+/175337 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
2019-04-15 | net/http: remove unnecessary string replace operation in Cookie.String | bronze1man
Fixes #29135 Change-Id: I4c10b0395047775e8488b8b0f00f74a7fa01b86c GitHub-Last-Rev: 120977040506794f00c74383289f913b1e0edd4a GitHub-Pull-Request: golang/go#29728 Reviewed-on: https://go-review.googlesource.com/c/go/+/157777 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-04-15 | net/http: speed up parsing of Cookie headers | sergey
Parse the headers without splitting them upfront to reduce memory allocations. For non-pathological Cookie headers we can make a good estimate of the number of cookies in there and preallocate the slice of cookies

name              old time/op    new time/op    delta
CookieString-4    1.73µs ± 2%    1.70µs ± 5%     ~     (p=0.841 n=5+5)
ReadSetCookies-4  6.09µs ± 3%    5.93µs ± 3%     ~     (p=0.095 n=5+5)
ReadCookies-4     7.63µs ± 1%    6.41µs ± 4%  -15.99%  (p=0.008 n=5+5)

name              old alloc/op   new alloc/op   delta
CookieString-4      360B ± 0%      360B ± 0%     ~     (all equal)
ReadSetCookies-4    976B ± 0%      976B ± 0%     ~     (all equal)
ReadCookies-4     2.17kB ± 0%    1.84kB ± 0%  -15.13%  (p=0.008 n=5+5)

name              old allocs/op  new allocs/op  delta
CookieString-4      5.00 ± 0%      5.00 ± 0%     ~     (all equal)
ReadSetCookies-4    15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ReadCookies-4       16.0 ± 0%      11.0 ± 0%  -31.25%  (p=0.008 n=5+5)

Change-Id: Ica1ca0d40c0d8d275134d1dfafb73f1082115826 Reviewed-on: https://go-review.googlesource.com/c/go/+/163617 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2019-03-25 | net/http: reduce allocs on write cookie | sergey
Pregrow buffer to reduce allocs on building cookie string. We calc cookie name value and domain size (most distributed by value) and add 110 extra characters allows to write most cookie attributes without additional allocations in most cases.

name              old time/op    new time/op    delta
CookieString-4    1.65µs ± 3%    1.27µs ± 2%  -23.01%  (p=0.008 n=5+5)
ReadSetCookies-4  5.78µs ± 4%    5.67µs ± 3%     ~     (p=0.310 n=5+5)
ReadCookies-4     7.12µs ± 4%    7.04µs ± 3%     ~     (p=0.690 n=5+5)

name              old alloc/op   new alloc/op   delta
CookieString-4      360B ± 0%      144B ± 0%  -60.00%  (p=0.008 n=5+5)
ReadSetCookies-4    976B ± 0%      976B ± 0%     ~     (all equal)
ReadCookies-4     2.17kB ± 0%    2.17kB ± 0%     ~     (all equal)

name              old allocs/op  new allocs/op  delta
CookieString-4      5.00 ± 0%      1.00 ± 0%  -80.00%  (p=0.008 n=5+5)
ReadSetCookies-4    15.0 ± 0%      15.0 ± 0%     ~     (all equal)
ReadCookies-4       16.0 ± 0%      16.0 ± 0%     ~     (all equal)

Change-Id: I50defac954a135b785b3551342b00878429b3d7f Reviewed-on: https://go-review.googlesource.com/c/go/+/163017 Reviewed-by: Volker Dobler <dr.volker.dobler@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
2018-12-02 | all: use "reports whether" consistently instead of "returns whether" | Tobias Klauser
Follow-up for CL 147037 and after Brad noticed the "returns whether" pattern during the review of CL 150621. Go documentation style for boolean funcs is to say:

    // Foo reports whether ...
    func Foo() bool

(rather than "returns whether")

Created with:

    $ perl -i -npe 's/returns whether/reports whether/' $(git grep -l "returns whether" | grep -v vendor)

Change-Id: I15fe9ff99180ad97750cd05a10eceafdb12dc0b4 Reviewed-on: https://go-review.googlesource.com/c/150918 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-11-16 | net/http: fix typo in the SameSite docs | mbj36
Fixes #28244 Change-Id: I3ca36fd513f5543af0c8af254d267254c7d5e803 GitHub-Last-Rev: 83b16fac4e221a249ed036c034367d6f680ae578 GitHub-Pull-Request: golang/go#28302 Reviewed-on: https://go-review.googlesource.com/c/143480 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-10-03 | net/http: add missing words to SameSite doc/comments | Michael Henderson
Change-Id: Ie7f6592d726eba73a5e6b3203e083bff55ff8e4e GitHub-Last-Rev: 4e317b39dd337f95aa7b7f321906e69a2c14b84e GitHub-Pull-Request: golang/go#27977 Reviewed-on: https://go-review.googlesource.com/c/139100 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-08-21 | net/http: fix cookie SameSite docs grammar | Alan Braithwaite
Change-Id: I76d878343c1cc14b53c700b0476ca050c1f9e6be GitHub-Last-Rev: 148a45f4b63f7f55312112bbbd982f9927ac9e6e GitHub-Pull-Request: golang/go#27107 Reviewed-on: https://go-review.googlesource.com/130235 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-07-09 | net/http: add support for SameSite option in http.Cookie | Stephan Renatus
The same-site cookie attribute prevents a cookie from being sent along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage and provides some protection against cross-site request forgery attacks. This change adds the option to http.Cookie so it can be stored and passed to HTTP clients. Spec: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 Fixes #15867 Based on https://github.com/reedloden/go/commit/eb31a0f063c80058bbb3abff4ca09b3565985500 by Reed Loden <reed@hackerone.com> Change-Id: I98c8a9a92358b2f632990576879759e3aff38cff Reviewed-on: https://go-review.googlesource.com/79919 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-06-01 | all: update comment URLs from HTTP to HTTPS, where possible | Tim Cooper
Each URL was manually verified to ensure it did not serve up incorrect content. Change-Id: I4dc846227af95a73ee9a3074d0c379ff0fa955df Reviewed-on: https://go-review.googlesource.com/115798 Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org>
2018-03-26 | all: use strings.Builder instead of bytes.Buffer where appropriate | Brad Fitzpatrick
I grepped for "bytes.Buffer" and "buf.String" and mostly ignored test files. I skipped a few on purpose and probably missed a few others, but otherwise I think this should be most of them. Updates #18990 Change-Id: I5a6ae4296b87b416d8da02d7bfaf981d8cc14774 Reviewed-on: https://go-review.googlesource.com/102479 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-10-05 | all: revert "all: prefer strings.IndexByte over strings.Index" | Marvin Stenger
This reverts https://golang.org/cl/65930. Fixes #22148 Change-Id: Ie0712621ed89c43bef94417fc32de9af77607760 Reviewed-on: https://go-review.googlesource.com/68430 Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-09-25 | all: prefer strings.IndexByte over strings.Index | Marvin Stenger
strings.IndexByte was introduced in go1.2 and it can be used effectively wherever the second argument to strings.Index is exactly one byte long. This avoids generating unnecessary string symbols and saves a few calls to strings.Index. Change-Id: I1ab5edb7c4ee9058084cfa57cbcc267c2597e793 Reviewed-on: https://go-review.googlesource.com/65930 Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
2017-08-10 | net/http: remove an unused variable in readCookies function | Joe Kyo
Change-Id: I9d77655026f16a41a77bd0036d693a40cdd6d52f Reviewed-on: https://go-review.googlesource.com/52090 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
2017-05-22 | net/http: send more cookie values in double quotes | Volker Dobler
According to RFC 6255 a cookie value may contain neither spaces " " nor commas ",". But browsers seem to handle these pretty well and such values are not uncommon in the wild so we do allow spaces and commas in cookie values too. Up to now we use the double-quoted wire format only for cookie values with leading and/or trailing spaces and commas. Values with internal spaces/commas are sent without the optional double quotes. This seems to be a problem for some agents. This CL changes the behaviour for cookie values with spaces or commas: Such values are always sent in double quotes. This should not have any impact on existing agents and the increases of data transmitted is negligible. Fixes #18627 Change-Id: I575a98d589e048aa39d976a3c984550daaca730a Reviewed-on: https://go-review.googlesource.com/37328 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2016-10-28 | net/http: fix cookie Expires minimum year to 1601 instead of Epoch year 1970 | Josh Chorlton
Following RFC 6265 Section 5.1.1.5, ensure that the minimum year for which an Expires value is valid and can be included in the cookie's string, is 1601 instead of the Epoch year 1970. A detailed specification for parsing the Expiry field is at: https://tools.ietf.org/html/rfc6265#section-5.2.1 I stumbled across this bug due to this StackOverflow answer that recommends setting the Expiry to the Epoch: http://stackoverflow.com/a/5285982 Fixes #17632 Change-Id: I3c1bdf821d369320334a5dc1e4bf22783cbfe9fc Reviewed-on: https://go-review.googlesource.com/32142 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2016-10-12 | net/http: optimize internal cookie functions | Cyrill Schumacher
- precalculate *Cookie slice in read cookie functions
- readSetCookies: pre-allocs depending on the count of Set-Cookies
- rename success variable to ok; avoid else
- refactor Cookie.String to use less allocations
- remove fmt package and replace with writes to a bytes.Buffer
- add BenchmarkReadSetCookies and BenchmarkReadCookies

name              old time/op    new time/op    delta
CookieString-8    1.42µs ± 2%    0.78µs ± 1%  -45.36%  (p=0.000 n=10+10)
ReadSetCookies-8  3.46µs ± 1%    3.42µs ± 2%   -1.39%  (p=0.001 n=10+10)
ReadCookies-8     5.12µs ± 1%    5.15µs ± 2%     ~     (p=0.393 n=10+10)

name              old alloc/op   new alloc/op   delta
CookieString-8      520B ± 0%      384B ± 0%  -26.15%  (p=0.000 n=10+10)
ReadSetCookies-8    968B ± 0%      960B ± 0%   -0.83%  (p=0.000 n=10+10)
ReadCookies-8     2.01kB ± 0%    2.01kB ± 0%     ~     (all samples are equal)

name              old allocs/op  new allocs/op  delta
CookieString-8      10.0 ± 0%       3.0 ± 0%  -70.00%  (p=0.000 n=10+10)
ReadSetCookies-8    18.0 ± 0%      17.0 ± 0%   -5.56%  (p=0.000 n=10+10)
ReadCookies-8       16.0 ± 0%      16.0 ± 0%     ~     (all samples are equal)

Change-Id: I870670987f10f3e52f9c657cfb8e6eaaa97a6162 Reviewed-on: https://go-review.googlesource.com/27850 Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
2016-02-24 | all: fix typos and spelling | Martin Möhrmann
Change-Id: Icd06d99c42b8299fd931c7da821e1f418684d913 Reviewed-on: https://go-review.googlesource.com/19829 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2015-07-11 | all: link to https instead of http | Brad Fitzpatrick
The one in misc/makerelease/makerelease.go is particularly bad and probably warrants rotating our keys. I didn't update old weekly notes, and reverted some changes involving test code for now, since we're late in the Go 1.5 freeze. Otherwise, the rest are all auto-generated changes, and all manually reviewed. Change-Id: Ia2753576ab5d64826a167d259f48a2f50508792d Reviewed-on: https://go-review.googlesource.com/12048 Reviewed-by: Rob Pike <r@golang.org>
2015-06-30 | net/http: harden, document func SetCookie and type Cookie | Brad Fitzpatrick
Fixes #9758 Change-Id: I3089ec06cddd74b547d8b10834d7478a04b02069 Reviewed-on: https://go-review.googlesource.com/11701 Reviewed-by: Russ Cox <rsc@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
2015-06-04 | net/http: the Set-Cookie Expiration time zone should be GMT, not UTC | Brad Fitzpatrick
Per RFC 6265. Change-Id: I2b6b145f5d057f96509332509d722602ed9e2bbd Reviewed-on: https://go-review.googlesource.com/10711 Reviewed-by: Brett Slatkin <bslatkin@google.com> Reviewed-by: Andrew Gerrand <adg@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
2014-09-25 | net/http: allow double-quotes only on cookie values, not cookie | Nigel Tao
attribute values, a la RFC 6265 section 4.1.1 "Syntax". Fixes #7751. LGTM=dr.volker.dobler R=dr.volker.dobler CC=bradfitz, golang-codereviews https://golang.org/cl/148890043
2014-09-08 | build: move package sources from src/pkg to src | Russ Cox
Preparation was in CL 134570043. This CL contains only the effect of 'hg mv src/pkg/* src'. For more about the move, see golang.org/s/go14nopkg.