-
Stephan Renatus authored
The same-site cookie attribute prevents a cookie from being sent along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage and provides some protection against cross-site request forgery attacks. This change adds the option to http.Cookie so it can be stored and passed to HTTP clients. Spec: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 Fixes #15867 Based on https://github.com/reedloden/go/commit/eb31a0f063c80058bbb3abff4ca09b3565985500 by Reed Loden <reed@hackerone.com> Change-Id: I98c8a9a92358b2f632990576879759e3aff38cff Reviewed-on: https://go-review.googlesource.com/79919 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
3d5703ba