net/http: allow zero-valued Expires in Cookie.Valid

The value of Expires is only checked when a value is set.

This fixes the bug that a cookie with a zero-valued Expire
was considered invalid, even though Expires is an optional
field.

Fixes #52989

Change-Id: I206c50e9b6ea2744a92c74673d589ce2aaa62670
Reviewed-on: https://go-review.googlesource.com/c/go/+/407654
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index e9fd599392cef2478f0fd2f85ef261fea07b9401..b7b0455ee1653ed7afdb7975707d224fbbbc3a7a 100644 (file)
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -247,7 +247,7 @@ func (c *Cookie) Valid() error {
        if !isCookieNameValid(c.Name) {
                return errors.New("http: invalid Cookie.Name")
        }
-       if !validCookieExpires(c.Expires) {
+       if !c.Expires.IsZero() && !validCookieExpires(c.Expires) {
                return errors.New("http: invalid Cookie.Expires")
        }
        for i := 0; i < len(c.Value); i++ {

diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go
index 0db138e4f128bd4d84bb9d0549b5459775ff7da5..8fcf1faaa5f5b822721d495b9982f6276360ff43 100644 (file)
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@@ -542,11 +542,14 @@ func TestCookieValid(t *testing.T) {
        }{
                {nil, false},
                {&Cookie{Name: ""}, false},
-               {&Cookie{Name: "invalid-expires"}, false},
                {&Cookie{Name: "invalid-value", Value: "foo\"bar"}, false},
                {&Cookie{Name: "invalid-path", Path: "/foo;bar/"}, false},
                {&Cookie{Name: "invalid-domain", Domain: "example.com:80"}, false},
-               {&Cookie{Name: "valid", Value: "foo", Path: "/bar", Domain: "example.com", Expires: time.Unix(0, 0)}, true},
+               {&Cookie{Name: "invalid-expiry", Value: "", Expires: time.Date(1600, 1, 1, 1, 1, 1, 1, time.UTC)}, false},
+               {&Cookie{Name: "valid-empty"}, true},
+               {&Cookie{Name: "valid-expires", Value: "foo", Path: "/bar", Domain: "example.com", Expires: time.Unix(0, 0)}, true},
+               {&Cookie{Name: "valid-max-age", Value: "foo", Path: "/bar", Domain: "example.com", MaxAge: 60}, true},
+               {&Cookie{Name: "valid-all-fields", Value: "foo", Path: "/bar", Domain: "example.com", Expires: time.Unix(0, 0), MaxAge: 0}, true},
        }
 
        for _, tt := range tests {