Files · 4f86a96ac9020f756fe4eda004ab16f2141f9746 · go / golang

net/http: do not send malformed cookie domain attribute · 4f86a96a

Volker Dobler authored Aug 12, 2013

Malformed domain attributes are not sent in a Set-Cookie header.
Instead the domain attribute is dropped which turns the cookie
into a host-only cookie. This is much safer than dropping characters
from domain attribute.

Domain attributes with a leading dot '.' are still allowed, even
if discouraged by RFC 6265 section 4.1.1.

Fixes #6013

R=golang-dev, bradfitz
CC=golang-dev
https://golang.org/cl/12745043

4f86a96a

Name	Last commit	Last update
api		Loading commit data...
doc		Loading commit data...
include		Loading commit data...
lib		Loading commit data...
misc		Loading commit data...
src		Loading commit data...
test		Loading commit data...
.hgignore		Loading commit data...
.hgtags		Loading commit data...
AUTHORS		Loading commit data...
CONTRIBUTORS		Loading commit data...
LICENSE		Loading commit data...
PATENTS		Loading commit data...
README		Loading commit data...
favicon.ico		Loading commit data...
robots.txt		Loading commit data...

README