-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/net/http/httpguts: add ParseCookie and ParseSetCookie #25194
Comments
There is https://golang.org/pkg/net/http/cookiejar, but I don't think cookie parsing should be put there since that package is specific to the jar. If there was a net/http/cookie or x/net/cookie, that would be a better place. But note that there is a precedent for including ParseCookies in net/http. Namely, ParseHTTPVersion is a similar situation. The value that ParseHTTPVersion provides could just as well be computed from Response.ProtoMajor and Response.ProtoMinor. Similarly, the value that ParseCookies provides could just as well be computed from Request.Cookies. They are both utility methods which could also be handled by their natural parent objects and probably provide a bunch of value when not in the context of executing/serving http. |
@posener I understand that it would be convenient to have this as a function available. But I doubt that this function is used that often that it is worth an API change (which So I doubt that this is a common problem, especially as it has a very simple and @meirf Your precedent isn't one. ParseHTTPVersion cannot be computed from @odeke-em A new package like golang.org/x/net/cookie is a tempting idea. So I would reject this proposal. |
It does seem awkward that we have this functionality in the standard library already, it's useful, and it's hidden from users except via an odd use of Request. Trying to make it more available seems OK in the abstract. Looking at the net/http source it's a little awkward that Cookie: and Set-Cookie: headers need to be parsed differently, so "ParseCookies" is not completely well-specified. Set-Cookie has extra attributes on the line and accepts double-quoted values, where Cookie does not, apparently. Probably ParseCookies should be able to return an error as well? Which should ParseCookie do? Does someone want to propose a specific API? |
I can also refer the httputil/header package in the gddo repository. It contains some header pasing utils, among them |
I took my time to look into the specification.
The For example: The value defined as "cookie-octet" double quoted "cookie-octet"
The For example: Conclusions and ThoughtsSo If there were functions that parse cookies values, there should be two of them: // ParseSetCookie parses Set-Cookie header value and return a cookie
// It returns error on syntax error.
func ParseSetCookie(cookie string) (*Cookie, error) {}
// ParseCookie parses a Cookie header value and returns all the cookies
// which were set in it. Since the same cookie name can appear multiple times
// the returned Values can contain more than one value for a given key.
func ParseCookie(cookies string) (Values, error) {} General comments:
|
Three remarks: ParseCookie must return []*Cookie: A Cookie header contains key=value pairs, Documentation should note which RFC governs parsing and which exceptions "[...] it seems like the standard library needs the package functionality to I'm still not convinced there is a need for these functions: If the cookies |
Thanks @vdobler for pointing out that the use for these functions is unclear. Most of the time you have an http.Request and have good getter/setter functions. @posener, what is the context in which these extra functions would be needed? @vdobler suggests maybe for getting at the error to find out why a particular Cookie line is malformed, but that's pretty special-case for new API. |
The use case is parsing a authentication cookie that I get as string value from a rest framework (go-swagger). From the birds eye it might look like a very specific case. |
I'd be fine adding new API to https://godoc.org/golang.org/x/net/http/httpguts which is specifically a catch-all bin of misc & shared HTTP stuff. |
@bradfitz , adding it in |
@posener, not if you make net/http use httpguts's implementation. net/http already depends on guts. |
It sounds like this proposal has morphed into adding these to httpguts:
That's OK with proposal-review, including @bradfitz. |
I may be missing something here, but if net/http depends on httpguts and ParseSetCookie returns an *http.Cookie, wouldn't there be an import cycle? Edit: We could move the cookie implementation to httpguts, and create an alias declaration for the cookie type in net/http. I'm not sure if this would violate the backwards compatibility promise.
|
That would make godoc unhelpful. |
What if we bundle x/net/http/httpguts into net/http like we do for x/net/http2? That way, the implementation is maintained in a separate library, but the API is exposed through the standard library. |
I suppose that'd work, but it'd be a little unfortunate to have more copies of it in binaries. Because http2 depends on httpguts already. I actually don't think x/tools/cmd/bundle would work as-is with multiple levels of bundling. It'd need work. And moving the definition of Cookie to httpguts is also pretty gross. We could almost have an exact copy of the Cookie struct type in the httpguts package (and have users convert between the differently named identical structs), except in Go 1.11 we added the SameSite field with type http.SameSite, so there's another cycle. Perhaps the net/http Cookie type could move to a child package and use type aliases (and we could fix godoc to conditionally promote the docs or something). But then this is all sounding complicated. Perhaps bundling is the best option. Somebody could try it. |
Has there been any movement on this? |
It seems that the only viable option is to do bundling. The functions above should be implemented in httpguts as specified. x/tools/cmd/bundle would be updated to handle a package that is bundled multiple times. net/http internally would then use the bundled implementation of httpguts_ParseCookie and httpguts_ParseSetCookie. The only other option I see would be to linkname in the functions from httpguts, but that would require net/http to import unsafe, which is not going to happen. Given the constraints this imposes on implementation, perhaps this proposal should be reevaluated to be implemented in the standard library? |
how it's going? It's nice to have built-in functionality to parse Cookie & Set-Cookie header content |
/cc @golang/proposal-review |
Change https://go.dev/cl/566795 mentions this issue: |
I've mailed out https://go-review.googlesource.com/c/net/+/566795 please take a look. |
Thanks for https://go.dev/cl/566795. I really dislike the duplication of the CL 566795 only duplicates the bare minimum required to implement I know this is an accepted proposal, but I don't want to have to support this. If we want to add |
Filed #66008 for net/http change. Let's close this as a duplicate of that. |
I've unaccepted this proposal in favor of #66008. The meaning of cookie attributes seems to have changed since 2018 too, so good not to do this API. |
What version of Go are you using (
go version
)?go version go1.10 linux/amd64
Does this issue reproduce with the latest release?
Yes
What did you do?
I wanted to extract cookies struct from a cookie header string.
I had to type this piece of code:
It felt kind of workaround.
What did you expect to see?
Have the appropriate method in the
net/http
package that is public and parses cookie headers to a[]*Cookie
struct.For example:
What did you see instead?
Nothing.
The text was updated successfully, but these errors were encountered: