net/http: trim cookie names
authordarmiel <71837281+darmiel@users.noreply.github.com>
Wed, 4 May 2022 12:39:49 +0000 (12:39 +0000)
committerDamien Neil <dneil@google.com>
Fri, 12 Aug 2022 16:22:39 +0000 (16:22 +0000)
The current implementation ignores cookies where the
cookie name starts or ends with a space. For example,

name =value

is ignored.

I have come across pages that send cookies in this weird format.
I tested with the latest versions of Firefox, Safari and Chrome,
all of which accept cookies in this format.

To accept such cookies, I remove leading and trailing spaces from the
cookie name after cutting at '='.

Change-Id: I8fd0c37a2113b6ce75712dd43607d1ea55e86c68
GitHub-Last-Rev: 368f50fcb4c7537b90249c3c497e61dc81038f6e
GitHub-Pull-Request: golang/go#52121
Reviewed-on: https://go-review.googlesource.com/c/go/+/397734
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>

src/net/http/cookie.go
src/net/http/cookie_test.go

index 9cb0804f8f22789c0c91c870175ef087cdb5d7ed..e9fd599392cef2478f0fd2f85ef261fea07b9401 100644 (file)
@@ -73,6 +73,7 @@ func readSetCookies(h Header) []*Cookie {
                if !ok {
                        continue
                }
+               name = textproto.TrimString(name)
                if !isCookieNameValid(name) {
                        continue
                }
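Review bot: The added `name = textproto.TrimString(name)` has no comment saying that it is a deliberate leniency, so a reader checking the parser against the RFC 6265 cookie-name grammar will take it for a mistake. I would put `// Browsers accept whitespace around the cookie name ("name =value"); trim it before validating.` above the line, and the same comment above the identical line in the readCookies hunk. The doc comment should also say that Cookie.Name is now normalised while Raw keeps the bytes as received (the new test case shows Raw still carrying the space), because code that re-derives the name from Raw will no longer agree with Name. readSetCookies starts and ends outside this hunk.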
@@ -291,6 +292,7 @@ func readCookies(h Header, filter string) []*Cookie {
                                continue
                        }
                        name, val, _ := strings.Cut(part, "=")
+                       name = textproto.TrimString(name)
                        if !isCookieNameValid(name) {
                                continue
                        }
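Review bot: After the trim on the line following `strings.Cut(part, "=")`, two request cookies whose names differ only by surrounding whitespace come back with the same Name, and the Cookie header is client-supplied input. Which of the two a caller ends up using depends on code outside this hunk, and any component in front of the server that matches cookie names byte-for-byte can disagree with this parser about which cookie carries a given name. I would state in readCookies' doc comment that names are whitespace-trimmed before validation and before filter matching, after confirming that the filter comparison (not visible here) runs on the trimmed name. A test that pins the order of the returned entries for such a pair would make the behaviour explicit. The function body continues outside the hunk.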
index ccc5f98091d6d3251885e4a44ff2898e20806003..0db138e4f128bd4d84bb9d0549b5459775ff7da5 100644 (file)
@@ -352,6 +352,12 @@ var readSetCookiesTests = []struct {
                Header{"Set-Cookie": {`special-8=","`}},
                []*Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}},
        },
+       // Make sure we can properly read back the Set-Cookie headers
+       // for names containing spaces:
+       {
+               Header{"Set-Cookie": {`special-9 =","`}},
+               []*Cookie{{Name: "special-9", Value: ",", Raw: `special-9 =","`}},
+       },
 
        // TODO(bradfitz): users have reported seeing this in the
        // wild, but do browsers handle it? RFC 6265 just says "don't
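Review bot: The new entry only covers a trailing space in a Set-Cookie name, so the readCookies change in cookie.go has no test in this commit, and nothing pins leading whitespace or a tab before `=`. A negative case is missing as well: a name with an interior space should still be dropped by isCookieNameValid, and a test for that keeps the trim from quietly widening into accepting arbitrary whitespace. The comment "names containing spaces" also overstates what is accepted; I would word it as `// Whitespace around the cookie name is trimmed; Raw keeps the original bytes.`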