Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: invalid Cookie.Domain in case of setting cookie on IPv6 #65521

Open
chernykhdk opened this issue Feb 5, 2024 · 2 comments
Open

net/http: invalid Cookie.Domain in case of setting cookie on IPv6 #65521

chernykhdk opened this issue Feb 5, 2024 · 2 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.

Comments

@chernykhdk
Copy link

chernykhdk commented Feb 5, 2024
edited

Go version

go version go1.20.5 linux/amd64

Output of go env in your module/workspace:

GO111MODULE="on"
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/dmitry/.cache/go-build"
GOENV="/home/dmitry/.config/go/env"
GOEXE=""
GOEXPERIMENT=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/dmitry/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="linux"
GOPATH="/home/dmitry/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GOVCS=""
GOVERSION="go1.20.5"
GCCGO="gccgo"
GOAMD64="v1"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD="/home/dmitry/go/src/***/go.mod"
GOWORK=""
CGO_CFLAGS="-O2 -g"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-O2 -g"
CGO_FFLAGS="-O2 -g"
CGO_LDFLAGS="-O2 -g"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build2985869622=/tmp/go-build -gno-record-gcc-switches"

What did you do?

func(w http.ResponseWriter, r *http.Request) {
	cookie := http.Cookie{
		Name:   "foo",
		Value:  "bar",
		Path:   "/",
		Domain: "[fd7d:844d:3e17:f3ae::1]",
	}

	http.SetCookie(w, &cookie)
	w.WriteHeader(http.StatusOK)
}

What did you see happen?

in logs:
net/http: invalid Cookie.Domain "[fd7d:844d:3e17:f3ae::1]"; dropping domain attribute

in browser:
cookie is missing

What did you expect to see?

i expect to see cookie which exists in browser like as in case of IPv4

i think trouble is in net/http/cookie.go:

// validCookieDomain reports whether v is a valid cookie domain-value.
func validCookieDomain(v string) bool {
	if isCookieDomainName(v) {
		return true
	}
	if net.ParseIP(v) != nil && !strings.Contains(v, ":") {
		return true
	}
	return false
}
@mateusz834 mateusz834 added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Feb 5, 2024
@mateusz834
Copy link
Member

CC @neild

It seems like it works as per spec.

RFC 6265:

domain-value =
; defined in [RFC1034], Section 3.5, as
; enhanced by [RFC1123], Section 2.1

RFC 1123:

Whenever a user inputs the identity of an Internet host, it SHOULD
be possible to enter either (1) a host domain name or (2) an IP
address in dotted-decimal ("#.#.#.#") form. The host SHOULD check
the string syntactically for a dotted-decimal number before
looking it up in the Domain Name System.

It does not specify anything about ipv6.

@seankhliao
Copy link
Member

it does appear that chrome and firefox accept this syntax https://bugzilla.mozilla.org/show_bug.cgi?id=1666678

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@seankhliao @mateusz834 @chernykhdk