net/http: SetCookie is creating invalid headers #29804
Comments
Can you write an example that doesn't use third-party packages? (that is, how do we know this isn't a bug in securecookie or in your code connecting the two?) And what part of the output do you think is invalid? We could figure it out, but it helps if you're more explicit in bug reports. |
Okay, this is the code without third-party packages. Still the same result. cookie := &http.Cookie{ Name: "cookie-name", Value: "Hello World!", Path: "/", Secure: true, HttpOnly: true, } http.SetCookie(*w, cookie) // w = *http.ResponseWriter The part that is invalid is that the header for the cookie is |
@Rickgrendel, the string I certainly don't see that: https://play.golang.org/p/G2J_7TnSA9n We use |
Timed out in state WaitingForInfo. Closing. (I am just a bot, though. Please speak up if this is a mistake or you have the requested information.) |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
Create a secure cookie with github.com/gorilla/securecookie (wich from their side works) and create a cookie with
http.setcookie()
What did you expect to see?
In my REST client for testing I expected to see a valid Set-Cookie header but the header is written as
setcookie
and the Secure and HttpOnly flags are missing.What did you see instead?
An invalid cookie header created by
http.setcookie()
The text was updated successfully, but these errors were encountered: