src/net/http/cookiejar · 02ad841dd82bd644b12efa168ad9fc4c623d6b37 · go / golang

net/http: add support for SameSite option in http.Cookie · 3d5703ba

Stephan Renatus authored Nov 27, 2017

The same-site cookie attribute prevents a cookie from being sent along with
cross-site requests. The main goal is mitigate the risk of cross-origin
information leakage and provides some protection against cross-site request
forgery attacks.

This change adds the option to http.Cookie so it can be stored and
passed to HTTP clients.

Spec: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00

Fixes #15867

Based on
https://github.com/reedloden/go/commit/eb31a0f063c80058bbb3abff4ca09b3565985500
by Reed Loden <reed@hackerone.com>

Change-Id: I98c8a9a92358b2f632990576879759e3aff38cff
Reviewed-on: https://go-review.googlesource.com/79919
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

3d5703ba

Name	Last commit	Last update
..
dummy_publicsuffix_test.go		Loading commit data...
example_test.go		Loading commit data...
jar.go		Loading commit data...
jar_test.go		Loading commit data...
punycode.go		Loading commit data...
punycode_test.go		Loading commit data...