HTTP Cookies Incorrectly Escape Paths #1659

Closed
gopherbot opened this issue Apr 4, 2011 · 4 comments

@gopherbot

by crazy1be:

This bug still exists on the latest go (ran hg pull -u).

I noticed this error because I use Go for a reverse HTTP proxy. Go reads the cookie or
set-cookie headers correctly, but calling resp.Write() yields an incorrect escaping of
the URL.

After digging for hours through various parts of my code, I determined it must be a bug
in the library. Then, I searched through the library for a while, before finally finding
the bug! Voilà!

Incidentally, the cookie *still works* in Chrome, it is able to figure out that the path
is URLEscaped. However, many other browsers are not able to figure this out, and they
should not have to. This is incorrect behaviour.

What are the steps to reproduce the problem?
package main

import (
    "os"
    "http"
)

func main() {
    resp, _, _ := http.Get("http://www.google.com")
    resp.Write(os.Stdout)
}

What is the expected output?
Set-Cookie: foo=bar; path=/

What do you see instead?
Set-Cookie: foo=bar; path=%2F

Which compiler are you using (5g, 6g, 8g, gccgo)?
8g

Which operating system are you using?
Linux x86

Which revision are you using?  (hg identify)
9f27edac5018 tip

Please provide any additional information below.

The issue is on line 191 of src/pkg/http/cookie.go.

Current: fmt.Fprintf(&b, "Path=%s", URLEscape(c.Path))
Should be: fmt.Fprintf(&b, "Path=%s", c.Path)

There may be some other escaping you want to do, in order to ensure that e.g. semicolons
are properly encoded. However, whatever encoding function you use should *not* encode /
as %2f.
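The following is an added example, not part of the original report or of the Go source tree. It contrasts escaping the whole Path value with a sanitizer that leaves `/` intact and drops only bytes that would break the header. `url.QueryEscape` stands in for the old `URLEscape` call (an assumption), and `escapedPath`, `safePath` and `setCookie` are hypothetical helpers written for this illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// escapedPath mimics the reported behaviour: the whole Path value is
// escaped, so "/" is emitted as "%2F" and browsers see a different path.
func escapedPath(p string) string {
	return "Path=" + url.QueryEscape(p)
}

// safePath is a hypothetical sanitizer: it keeps "/" and other printable
// ASCII and drops only bytes that would break the header. ";" would end
// the attribute; control bytes such as CR and LF would end the header line.
func safePath(p string) string {
	var b strings.Builder
	for i := 0; i < len(p); i++ {
		if c := p[i]; c >= 0x20 && c < 0x7f && c != ';' {
			b.WriteByte(c)
		}
	}
	return "Path=" + b.String()
}

// setCookie builds a Set-Cookie header value using the given path encoder.
func setCookie(name, value, path string, enc func(string) string) string {
	return fmt.Sprintf("%s=%s; %s", name, value, enc(path))
}

func main() {
	// Constructed sample paths; the last two carry bytes that must not
	// reach the header unmodified.
	paths := []string{"/", "/app/v1", "/x; Domain=other.example", "/a\r\nX-Injected: 1"}
	for _, p := range paths {
		fmt.Printf("input     %q\n", p)
		fmt.Printf("escaped   %s\n", setCookie("foo", "bar", p, escapedPath))
		fmt.Printf("sanitized %s\n\n", setCookie("foo", "bar", p, safePath))
	}
}
```
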
@rsc
Contributor

rsc commented Apr 4, 2011

Comment 1:

I think all the URLEscaping should go away.

Owner changed to @rsc.

Status changed to Accepted.

@petar
Contributor

petar commented Apr 7, 2011

Comment 2:

Will fix. All escaping goes.

@bradfitz
Contributor

Comment 3:

Owner changed to @bradfitz.

@bradfitz
Contributor

Comment 4:

This issue was closed by revision 8b35293.

Status changed to Fixed.

@golang golang locked and limited conversation to collaborators Jun 24, 2016
This issue was closed.