net/http/cookie: readSetCookies does not strip whitespace for key/value pair received #40414
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes. I'm using the latest go release for Windows.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Use
http.Client
with cookie jar to access site with validSet-Cookie
header, but the cookie did not persist.The first two requests:
In the second request, the cookie did not persist. When looking at the cookie jar after the first request, the cookie has been stored under the path
/html
instead of expected/
, which applies to the whole domain.When I further examine the response header from the initial request, there's a white-space after the
path
key. This extra whitespace has causedreadSetCookies
to not recognise the key-pair, and the cookie has been stored relative to the document path (i.e./html
).A quick read in RFC6265#5.2, step 4 states that the user-agent should strip leading or trailing whitespaces for the key/value string.
An attempt to fix this behaviour:
What did you expect to see?
The cookie is carried with subsequent requests.
What did you see instead?
The cookie was not set in subsequent requests, due to path mismatch.
The text was updated successfully, but these errors were encountered: