Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: net/http.Cookie appears to be misrendered #64615

Closed
mvdan opened this issue Dec 8, 2023 · 4 comments
Closed

x/pkgsite: net/http.Cookie appears to be misrendered #64615

mvdan opened this issue Dec 8, 2023 · 4 comments
Labels
Milestone

Comments

@mvdan
Copy link
Member

mvdan commented Dec 8, 2023

What is the URL of the page with the issue?

https://pkg.go.dev/net/http#Cookie

What is your user agent?

Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0

Screenshot

image

What did you do?

I tried to view the Cookie type in the net/http package, by clicking on its name in the Index section.

That correctly points to https://pkg.go.dev/net/http#Cookie, but that does... Nothing. Manually scrolling to find the Cookie type shows that, for some reason, it got rendered adjacent to func (ConnState) String and without any anchor link or title.

What did you expect to see?

The anchor link should work, and the type should be rendered with a title or section header. For example, see CookieJar:

image

What did you see instead?

See the first screenshot above.

@mvdan mvdan added the pkgsite label Dec 8, 2023
@gopherbot gopherbot added this to the Unreleased milestone Dec 8, 2023
@mvdan
Copy link
Member Author

mvdan commented Dec 8, 2023

Hm, I could not reproduce in Firefox with a new/empty profile. It seems like disabling the extension https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ fixes the issue as well.

Here are the console logs from loading the page in Firefox with the extension, resulting in the broken UI:

Content-Security-Policy warnings 4
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified http
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://013c5a20-db81-48da-b1ea-f655119f1698/model/static/DOMPurify/purify.min.js
Source Map URL: purify.min.js.map

And without the extension, where the UI is fine:

Content-Security-Policy warnings 4
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified http
Some cookies are misusing the recommended “SameSite“ attribute 13
Cookie “_gcl_au” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite gtm.js:221:914
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga_HL38R6X1Q3” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 2 js:285:914
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite js:285:914
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Content-Security-Policy: The page’s settings blocked the loading of a resource at eval (“script-src”). 2 gtm.js:5:27
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://013c5a20-db81-48da-b1ea-f655119f1698/model/static/DOMPurify/purify.min.js
Source Map URL: purify.min.js.map
Content-Security-Policy: The page’s settings blocked the loading of a resource at eval (“script-src”). gtm.js:5:27

@mvdan
Copy link
Member Author

mvdan commented Dec 8, 2023

Indeed the adblocker's "cosmetic filters" are hiding the Cookie heading. Not sure how that is happening, but clearly not a pkgsite bug :)

@mvdan mvdan closed this as not planned Won't fix, can't repro, duplicate, stale Dec 8, 2023
@mvdan
Copy link
Member Author

mvdan commented Dec 8, 2023

For the sake of completeness, it turned out that one of the filter lists considered the heading a "cookie notice annoyance" :) Oh dear. Disabled.

@mvdan
Copy link
Member Author

mvdan commented Dec 8, 2023

Previously: #59901

For those running into this in the future, the culprit was EasyList - Cookie Notices, which I've disabled now. It appears to be too aggressive, thinking that the Cookie header/section must be a browser cookie notice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants