Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal: net/http/cookiejar: Secure should not be checked on localhost #60997

Open
zekroTJA opened this issue Jun 26, 2023 · 1 comment
Open

proposal: net/http/cookiejar: Secure should not be checked on localhost #60997

zekroTJA opened this issue Jun 26, 2023 · 1 comment
Labels
Proposal Security
Milestone
Proposal

Comments

@zekroTJA
Copy link

Most browsers cookie implementation have an exception for the Secure flag when the request is send to a localhost domain (as stated in the MDN web docs).

I would appreciate if this behavior would be reflected in Go's cookie jar implementation. Probably best would be to add a new Options property which actively enables this behavior, so that it is disabled by default to avoid changing the currently expected behavior.

If this suggestion gets accepted, I would appreciate to take a try on an implementation contribution.
@gopherbot gopherbot added this to the Proposal milestone Jun 26, 2023
@ianlancetaylor
Copy link
Contributor

CC @neild @bradfitz @nigeltao

@Tom-Dann Tom-Dann mentioned this issue Nov 16, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Proposal Security
Projects
Proposals
Status: Incoming
Milestone
Proposal
Development

No branches or pull requests
4 participants
@ianlancetaylor @bcmills @gopherbot @zekroTJA