Cypherpunks repositories - gostls13.git/commit

]> Cypherpunks repositories - gostls13.git/commit

author	Volker Dobler <dr.volker.dobler@gmail.com>
	Mon, 12 Aug 2013 22:14:34 +0000 (15:14 -0700)
committer	Brad Fitzpatrick <bradfitz@golang.org>
	Mon, 12 Aug 2013 22:14:34 +0000 (15:14 -0700)
commit	4f86a96ac9020f756fe4eda004ab16f2141f9746
tree	5cee46dc873d5347c4b53919236f3e978bbebedf	tree
parent	e838334beb38c20d2b4035b53ec4e3e3487844f9	commit \| diff

net/http: do not send malformed cookie domain attribute

Malformed domain attributes are not sent in a Set-Cookie header.
Instead the domain attribute is dropped which turns the cookie
into a host-only cookie. This is much safer than dropping characters
from domain attribute.

Domain attributes with a leading dot '.' are still allowed, even
if discouraged by RFC 6265 section 4.1.1.

Fixes #6013

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/12745043

src/pkg/net/http/cookie.go		diff \| blob \| history
src/pkg/net/http/cookie_test.go		diff \| blob \| history

Go GOST TLS 1.3

RSS Atom