Skip to content

net/http: why drop the leading dot of cookie.Domain? #9692

@haoxins

Description

@haoxins

https://github.com/golang/go/blob/master/src/net/http/cookie.go#L144-L151

            // A c.Domain containing illegal characters is not
            // sanitized but simply dropped which turns the cookie
            // into a host-only cookie. A leading dot is okay
            // but won't be sent.
            d := c.Domain
            if d[0] == '.' {
                d = d[1:]
            }
            fmt.Fprintf(&b, "; Domain=%s", d)

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions