New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http: cookies not set on redirections (302) by the default client #64464
Comments
It works as expected in Python:
|
This behavior is as documented. Per https://pkg.go.dev/net/http#Client:
|
Even if it is documented, Python and browsers handle it differently so, can that evolve please? Furthermore, the documentation says the Golang HTTP (default) client forwards all headers set on the initial request (with exceptions), but here the cookie is set on the initial response, isn't it? |
There'd be an import cycle if cc @neild |
Go version
go version go1.19.8 linux/amd64
What operating system and processor architecture are you using (
go env
)?What did you do?
First case, I did a GET onto a webpage that sets a cookie and redirects users: https://go.dev/play/p/ecskkzjvHRy
Second case, I did a POST onto a webpage that sets a cookie and redirects users: https://go.dev/play/p/a4xWVv0ZVqT
What did you expect to see?
In both cases, I expected a redirection to a webpage with cookies set.
It turns out that a Cookie Jar has to be defined/initialized for this behaviour to happen (see here for example).
Corrected code for each case: GET & POST.
Output in the first case:
In the second case, I got a Wrong Credentials error.
What did you see instead?
First case:
Second case detailed log (censored):
As pointed out in this 2012 blog post, most browsers redirect users by setting cookies and Golang does only half of this job by default. Please make this default, or do not redirect by default.
The text was updated successfully, but these errors were encountered: