profile
viewpoint

vdobler/chart 657

Provide basic charts in go

vdobler/ht 22

Http Testing made easy

vdobler/plot 10

Provide ggplot2-like plotting in Go

vdobler/webtest 7

Testing framework for web applications

vdobler/ft 1

First test

vdobler/stable 1

Some experiments with stable sorting in Go.

vdobler/bender 0

An easy-to-use library for creating load testing applications

issue commentgolang/go

net/http/cookie: readSetCookies does not strip whitespace for key/value pair received

/cc @nigeltao

This seems like a real bug. The "Note" in RFC 6265 5.2 makes it pretty clear:

NOTE: The algorithm below is more permissive than the grammar in Section 4.1. For example, the algorithm strips leading and trailing whitespace from the cookie name and value (but maintains internal whitespace), whereas the grammar in Section 4.1 forbids whitespace in these positions. User agents use this algorithm so as to interoperate with servers that do not follow the recommendations in Section 4.

So while sending a Set-Cookie header of the form Set-Cookie: SessionID=some_value;path =/;HttpOnly; is a violation of RFC 6265 we probably should accept it.

@jixunmoe You write

with valid Set-Cookie header The Set-Cookie header is technically not valid.

jixunmoe

comment created time in a month

issue commentgolang/go

net/http: readCookies unable to parse out cookies that are not well written

Was fixed by https://golang.org/cl/235141 .

shidawuhen

comment created time in 2 months

more