qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-13 14:00:27 -07:00
Code Releases Activity

net/http: add support for SameSite=None

Browse Source 
Section 4.2 of the Internet-Draft for SameSite includes the possible
SameSite value of "None".

https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00

Change-Id: I44f246024429ec175db13ff6b36bee465f3d233d
GitHub-Last-Rev: 170d24aaca
GitHub-Pull-Request: golang/go#31842
Reviewed-on: https://go-review.googlesource.com/c/go/+/175337
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
Vivek Sekhar 2019-05-06 17:49:47 +00:00 committed by Brad Fitzpatrick
parent b98cecff88
commit e64241216d
3 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/next.txt
View File

@ -180,6 +180,8 @@ pkg net, type ListenConfig struct, KeepAlive time.Duration
pkg net/http, const StatusEarlyHints = 103 pkg net/http, const StatusEarlyHints = 103
pkg net/http, const StatusEarlyHints ideal-int pkg net/http, const StatusEarlyHints ideal-int
pkg net/http, method (Header) Clone() Header pkg net/http, method (Header) Clone() Header
pkg net/http, const SameSiteNoneMode = 4
pkg net/http, const SameSiteNoneMode SameSite
pkg net/http, type Server struct, BaseContext func(net.Listener) context.Context pkg net/http, type Server struct, BaseContext func(net.Listener) context.Context
pkg net/http, type Server struct, ConnContext func(context.Context, net.Conn) context.Context pkg net/http, type Server struct, ConnContext func(context.Context, net.Conn) context.Context
pkg net/http, type Transport struct, ForceAttemptHTTP2 bool pkg net/http, type Transport struct, ForceAttemptHTTP2 bool

5
src/net/http/cookie.go
View File

@ -48,6 +48,7 @@ const (
SameSiteDefaultMode SameSite = iota + 1 SameSiteDefaultMode SameSite = iota + 1
SameSiteLaxMode SameSiteLaxMode
SameSiteStrictMode SameSiteStrictMode
SameSiteNoneMode
) )
// readSetCookies parses all "Set-Cookie" values from // readSetCookies parses all "Set-Cookie" values from
@ -105,6 +106,8 @@ func readSetCookies(h Header) []*Cookie {
c.SameSite = SameSiteLaxMode c.SameSite = SameSiteLaxMode
case "strict": case "strict":
c.SameSite = SameSiteStrictMode c.SameSite = SameSiteStrictMode
case "none":
c.SameSite = SameSiteNoneMode
default: default:
c.SameSite = SameSiteDefaultMode c.SameSite = SameSiteDefaultMode
} }
@ -217,6 +220,8 @@ func (c *Cookie) String() string {
switch c.SameSite { switch c.SameSite {
case SameSiteDefaultMode: case SameSiteDefaultMode:
b.WriteString("; SameSite") b.WriteString("; SameSite")
case SameSiteNoneMode:
b.WriteString("; SameSite=None")
case SameSiteLaxMode: case SameSiteLaxMode:
b.WriteString("; SameSite=Lax") b.WriteString("; SameSite=Lax")
case SameSiteStrictMode: case SameSiteStrictMode:

13
src/net/http/cookie_test.go
View File

@ -77,6 +77,10 @@ var writeSetCookiesTests = []struct {
&Cookie{Name: "cookie-14", Value: "samesite-strict", SameSite: SameSiteStrictMode}, &Cookie{Name: "cookie-14", Value: "samesite-strict", SameSite: SameSiteStrictMode},
"cookie-14=samesite-strict; SameSite=Strict", "cookie-14=samesite-strict; SameSite=Strict",
}, },
{
&Cookie{Name: "cookie-15", Value: "samesite-none", SameSite: SameSiteNoneMode},
"cookie-15=samesite-none; SameSite=None",
},
// The "special" cookies have values containing commas or spaces which // The "special" cookies have values containing commas or spaces which
// are disallowed by RFC 6265 but are common in the wild. // are disallowed by RFC 6265 but are common in the wild.
{ {
@ -296,6 +300,15 @@ var readSetCookiesTests = []struct {
Raw: "samesitestrict=foo; SameSite=Strict", Raw: "samesitestrict=foo; SameSite=Strict",
}}, }},
}, },
{
Header{"Set-Cookie": {"samesitenone=foo; SameSite=None"}},
[]*Cookie{{
Name: "samesitenone",
Value: "foo",
SameSite: SameSiteNoneMode,
Raw: "samesitenone=foo; SameSite=None",
}},
},
// Make sure we can properly read back the Set-Cookie headers we create // Make sure we can properly read back the Set-Cookie headers we create
// for values containing spaces or commas: // for values containing spaces or commas:
{ {