Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upproposal: net/http: add constant for samesite cookie mode #39609
Comments
|
Why do we need a constant that has the same value as the zero value for that type? Why does explicitly saying "the thing isn't set" improve over just not setting it? |
|
Change https://golang.org/cl/237998 mentions this issue: |
|
@davecheney In my opinion it mainly improves code readability in some situations. The behavior is already there, but the name is not, so to invoke such behavior I need to pass 0. For example you can have a configuration with SameSite mode and you don't want to have multiple ways to construct a cookie (with or without the samesite attribute). For example see the ory/hydra#1908 commit. |
|
Thanks for the example. That API is pretty hard to use correctly, especially as there is no safe default for that parameter. Changing Go might be a solution to that, but there might be others which would lead to a more usable API. |
|
@davecheney Agreed, the cookie samesite API is hard to use and one of the small problems is that there is behavior that does not have a name, yet it is used. The other is that |
andybons
changed the title
What version of Go are you using (
go version)?Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env)?not relevant
What did you do?
I wanted to specify cookie samesite mode that would indicate cookie without a samesite attribute while implementing ory/hydra#1908 that requires cookie without any samesite attribute.
What did you expect to see?
I expected to find the samesite mode const with such behavior in the net/http package
What did you see instead?
I had to use unnamed magic constant (0)