New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http: parsing of cookie attribute values is too lax #7751
Labels
Milestone
Comments
It's been a while since I remember the details of HTTP cookies... can you give examples of "Cookie: etc" lines that we're not parsing correctly? Also, this isn't a regression, and if we're not doing it correctly, we've always not done it correctly, right? Status changed to WaitingForReply. |
Cookie: lines are okay, the issue is with Set-Cookie: headers, e.g. Set-Cookie: name=value; Max-Age="45" should be rejected according to http://tools.ietf.org/html/rfc6265#section-5.2.2 as the value of Max-Age starts with a quote and only digits and minus is allowed. (Only the cookie-value should be unquoted before processing, the cookie-avs should not be unquoted.) See http://play.golang.org/p/PpzVRGeg0S |
CL https://golang.org/cl/148890043 mentions this issue. |
This issue was closed by revision e59ad69. Status changed to Fixed. |
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jun 25, 2018
attribute values, a la RFC 6265 section 4.1.1 "Syntax". Fixes golang#7751. LGTM=dr.volker.dobler R=dr.volker.dobler CC=bradfitz, golang-codereviews https://golang.org/cl/148890043
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jun 26, 2018
attribute values, a la RFC 6265 section 4.1.1 "Syntax". Fixes golang#7751. LGTM=dr.volker.dobler R=dr.volker.dobler CC=bradfitz, golang-codereviews https://golang.org/cl/148890043
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jul 9, 2018
attribute values, a la RFC 6265 section 4.1.1 "Syntax". Fixes golang#7751. LGTM=dr.volker.dobler R=dr.volker.dobler CC=bradfitz, golang-codereviews https://golang.org/cl/148890043
wheatman
pushed a commit
to wheatman/go-akaros
that referenced
this issue
Jul 30, 2018
attribute values, a la RFC 6265 section 4.1.1 "Syntax". Fixes golang#7751. LGTM=dr.volker.dobler R=dr.volker.dobler CC=bradfitz, golang-codereviews https://golang.org/cl/148890043
This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The text was updated successfully, but these errors were encountered: