You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This bug still exists on the latest go (ran hg pull -u).
I noticed this error because i use go for a reverse http proxy. Go reads the cookie or
set-cookie headers correctly, but calling resp.Write() yeilds an incorrect escaping of
the URL.
After digging for hours through various parts of my code, I determined it must be a bug
in the library. Then, i searched through the library for a while, before finally finding
the bug! Volia!
Incidentally, the cookie *still works* in chrome, it is able to figure out that the path
is URLEscaped. However, many other browsers are not able to figure this out, and they
should not have to. This is incorrect behaviour.
What are the steps to reproduce the problem?
package main
import (
"os"
"http"
)
func main() {
resp, _, _ := http.Get("http://www.google.com";)
resp.Write(os.Stdout)
}
What is the expected output?
Set-Cookie: foo=bar; path=/
What do you see instead?
Set-Cookie: foo=bar; path=%2F
Which compiler are you using (5g, 6g, 8g, gccgo)?
8g
Which operating system are you using?
Linux x86
Which revision are you using? (hg identify)
9f27edac5018 tip
Please provide any additional information below.
The issue is on line 191 of src/pkg/http/cookie.go.
Current: fmt.Fprintf(&b, "Path=%s", URLEscape(c.Path))
Should be: fmt.Fprintf(&b, "Path=%s", c.Path)
There may be some other escaping you want to do, in order to ensure that e.g. semicolons
are properly encoded. However, whatever encoding function you use should *not* encode /
as %2f.
The text was updated successfully, but these errors were encountered:
by crazy1be:
The text was updated successfully, but these errors were encountered: