net/http: (*http.Response).Cookies
have different behaviour compared with web browser
#66118
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Go version
go version go1.22.0 linux/amd64
Output of
go env
in your module/workspace:What did you do?
I was trying to get any valid cookies given in HTTP response header specifically via
Set-Cookie
header entry. https://go.dev/play/p/M8hiEzF_n97What did you see happen?
In the example code, the
Cookies
method excludeutid
because it has quotation mark chars inside cookie-value. Looking at the RFC in the comment, https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1Quotation mark
"
OR in hex 0x22 is excluded, which is already expected behaviour:However, for web browsers that behaviour is totally fine.
What did you expect to see?
Interface for custom validation for valid cookies
The text was updated successfully, but these errors were encountered: