mirror of
https://github.com/golang/go
synced 2024-11-25 07:07:57 -07:00
net/http: do not send leading dot in cookie domain attribute
RFC 6265 allows a leading dot in a cookie domain attribute but is clear (see section 4.1.1) that a Set-Cookie header should be sent without these dots. R=bradfitz CC=golang-dev https://golang.org/cl/13111043
This commit is contained in:
parent
61f3fdcaec
commit
f1d61b959f
@ -149,8 +149,13 @@ func (c *Cookie) String() string {
|
||||
if validCookieDomain(c.Domain) {
|
||||
// A c.Domain containing illegal characters is not
|
||||
// sanitized but simply dropped which turns the cookie
|
||||
// into a host-only cookie.
|
||||
fmt.Fprintf(&b, "; Domain=%s", c.Domain)
|
||||
// into a host-only cookie. A leading dot is okay
|
||||
// but won't be sent.
|
||||
d := c.Domain
|
||||
if d[0] == '.' {
|
||||
d = d[1:]
|
||||
}
|
||||
fmt.Fprintf(&b, "; Domain=%s", d)
|
||||
} else {
|
||||
log.Printf("net/http: invalid Cookie.Domain %q; dropping domain attribute",
|
||||
c.Domain)
|
||||
|
@ -26,7 +26,7 @@ var writeSetCookiesTests = []struct {
|
||||
},
|
||||
{
|
||||
&Cookie{Name: "cookie-3", Value: "three", Domain: ".example.com"},
|
||||
"cookie-3=three; Domain=.example.com",
|
||||
"cookie-3=three; Domain=example.com",
|
||||
},
|
||||
{
|
||||
&Cookie{Name: "cookie-4", Value: "four", Path: "/restricted/"},
|
||||
|
Loading…
Reference in New Issue
Block a user