Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
net/http: document that SetCookie can quote the value #37055
The quotes are allowed by RFC 6265. We could quote every value on Mondays and be compliant to the spec. The fact that the cookie value might be quoted is implicit in "a Set-Cookie header". The whole idea of providing dedicated cookie handling functions in net/http is to free the user from parsing Cookie and Set-Cookie headers himself. The value might be quoted or not but net/http, all relevant browsers and all cookie handling libraries in other languages transparently handle quoted and unquoted values. I do not see why the user needs to be informed about this particular detail of the generated Set-Cookie header. Other details are also not mentioned as they are regulated by the relevant spec (e.g. time zone of the expires field).
I do not think that this behaviour should be documented: Once documented it cannot be changed anymore.
The documentation states
but does not specify what exactly is considered "invalid", simply because this is a moving target: If every browser properly handles some character X and most other HTTP libraries allow X then net/http has tried to also allow X.
What values are considered valid/invalid and which one need quoting has changed several times. These changes have allowed users to use Go with existing browsers and existing legacy systems. If we fix what is quoted we loos the ability to accommodate for future changes.
I don't think this should be documented: