1
// Copyright 2010 The Go Authors. All rights reserved.
2
// Use of this source code is governed by a BSD-style
3
// license that can be found in the LICENSE file.
19
var writeSetCookiesTests = []struct {
24
&Cookie{Name: "cookie-1", Value: "v$1"},
28
&Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600},
29
"cookie-2=two; Max-Age=3600",
32
&Cookie{Name: "cookie-3", Value: "three", Domain: ".example.com"},
33
"cookie-3=three; Domain=example.com",
36
&Cookie{Name: "cookie-4", Value: "four", Path: "/restricted/"},
37
"cookie-4=four; Path=/restricted/",
40
&Cookie{Name: "cookie-5", Value: "five", Domain: "wrong;bad.abc"},
44
&Cookie{Name: "cookie-6", Value: "six", Domain: "bad-.abc"},
48
&Cookie{Name: "cookie-7", Value: "seven", Domain: "127.0.0.1"},
49
"cookie-7=seven; Domain=127.0.0.1",
52
&Cookie{Name: "cookie-8", Value: "eight", Domain: "::1"},
56
&Cookie{Name: "cookie-9", Value: "expiring", Expires: time.Unix(1257894000, 0)},
57
"cookie-9=expiring; Expires=Tue, 10 Nov 2009 23:00:00 GMT",
59
// According to IETF 6265 Section 5.1.1.5, the year cannot be less than 1601
61
&Cookie{Name: "cookie-10", Value: "expiring-1601", Expires: time.Date(1601, 1, 1, 1, 1, 1, 1, time.UTC)},
62
"cookie-10=expiring-1601; Expires=Mon, 01 Jan 1601 01:01:01 GMT",
65
&Cookie{Name: "cookie-11", Value: "invalid-expiry", Expires: time.Date(1600, 1, 1, 1, 1, 1, 1, time.UTC)},
66
"cookie-11=invalid-expiry",
69
&Cookie{Name: "cookie-12", Value: "samesite-default", SameSite: SameSiteDefaultMode},
70
"cookie-12=samesite-default; SameSite",
73
&Cookie{Name: "cookie-13", Value: "samesite-lax", SameSite: SameSiteLaxMode},
74
"cookie-13=samesite-lax; SameSite=Lax",
77
&Cookie{Name: "cookie-14", Value: "samesite-strict", SameSite: SameSiteStrictMode},
78
"cookie-14=samesite-strict; SameSite=Strict",
80
// The "special" cookies have values containing commas or spaces which
81
// are disallowed by RFC 6265 but are common in the wild.
83
&Cookie{Name: "special-1", Value: "a z"},
87
&Cookie{Name: "special-2", Value: " z"},
91
&Cookie{Name: "special-3", Value: "a "},
95
&Cookie{Name: "special-4", Value: " "},
99
&Cookie{Name: "special-5", Value: "a,z"},
103
&Cookie{Name: "special-6", Value: ",z"},
107
&Cookie{Name: "special-7", Value: "a,"},
111
&Cookie{Name: "special-8", Value: ","},
115
&Cookie{Name: "empty-value", Value: ""},
132
func TestWriteSetCookies(t *testing.T) {
133
defer log.SetOutput(os.Stderr)
134
var logbuf bytes.Buffer
135
log.SetOutput(&logbuf)
137
for i, tt := range writeSetCookiesTests {
138
if g, e := tt.Cookie.String(), tt.Raw; g != e {
139
t.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i, e, g)
144
if got, sub := logbuf.String(), "dropping domain attribute"; !strings.Contains(got, sub) {
145
t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
149
type headerOnlyResponseWriter Header
151
func (ho headerOnlyResponseWriter) Header() Header {
155
func (ho headerOnlyResponseWriter) Write([]byte) (int, error) {
159
func (ho headerOnlyResponseWriter) WriteHeader(int) {
163
func TestSetCookie(t *testing.T) {
165
SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-1", Value: "one", Path: "/restricted/"})
166
SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600})
167
if l := len(m["Set-Cookie"]); l != 2 {
168
t.Fatalf("expected %d cookies, got %d", 2, l)
170
if g, e := m["Set-Cookie"][0], "cookie-1=one; Path=/restricted/"; g != e {
171
t.Errorf("cookie #1: want %q, got %q", e, g)
173
if g, e := m["Set-Cookie"][1], "cookie-2=two; Max-Age=3600"; g != e {
174
t.Errorf("cookie #2: want %q, got %q", e, g)
178
var addCookieTests = []struct {
187
[]*Cookie{{Name: "cookie-1", Value: "v$1"}},
192
{Name: "cookie-1", Value: "v$1"},
193
{Name: "cookie-2", Value: "v$2"},
194
{Name: "cookie-3", Value: "v$3"},
196
"cookie-1=v$1; cookie-2=v$2; cookie-3=v$3",
200
func TestAddCookie(t *testing.T) {
201
for i, tt := range addCookieTests {
202
req, _ := NewRequest("GET", "http://example.com/", nil)
203
for _, c := range tt.Cookies {
206
if g := req.Header.Get("Cookie"); g != tt.Raw {
207
t.Errorf("Test %d:\nwant: %s\n got: %s\n", i, tt.Raw, g)
213
var readSetCookiesTests = []struct {
218
Header{"Set-Cookie": {"Cookie-1=v$1"}},
219
[]*Cookie{{Name: "Cookie-1", Value: "v$1", Raw: "Cookie-1=v$1"}},
222
Header{"Set-Cookie": {"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly"}},
225
Value: "99=YsDT5i3E-CXax-",
227
Domain: ".google.ch",
229
Expires: time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC),
230
RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT",
231
Raw: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
235
Header{"Set-Cookie": {".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
240
Expires: time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC),
241
RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT",
243
Raw: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
247
Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly"}},
249
Name: "ASP.NET_SessionId",
253
Raw: "ASP.NET_SessionId=foo; path=/; HttpOnly",
257
Header{"Set-Cookie": {"samesitedefault=foo; SameSite"}},
259
Name: "samesitedefault",
261
SameSite: SameSiteDefaultMode,
262
Raw: "samesitedefault=foo; SameSite",
266
Header{"Set-Cookie": {"samesitelax=foo; SameSite=Lax"}},
270
SameSite: SameSiteLaxMode,
271
Raw: "samesitelax=foo; SameSite=Lax",
275
Header{"Set-Cookie": {"samesitestrict=foo; SameSite=Strict"}},
277
Name: "samesitestrict",
279
SameSite: SameSiteStrictMode,
280
Raw: "samesitestrict=foo; SameSite=Strict",
283
// Make sure we can properly read back the Set-Cookie headers we create
284
// for values containing spaces or commas:
286
Header{"Set-Cookie": {`special-1=a z`}},
287
[]*Cookie{{Name: "special-1", Value: "a z", Raw: `special-1=a z`}},
290
Header{"Set-Cookie": {`special-2=" z"`}},
291
[]*Cookie{{Name: "special-2", Value: " z", Raw: `special-2=" z"`}},
294
Header{"Set-Cookie": {`special-3="a "`}},
295
[]*Cookie{{Name: "special-3", Value: "a ", Raw: `special-3="a "`}},
298
Header{"Set-Cookie": {`special-4=" "`}},
299
[]*Cookie{{Name: "special-4", Value: " ", Raw: `special-4=" "`}},
302
Header{"Set-Cookie": {`special-5=a,z`}},
303
[]*Cookie{{Name: "special-5", Value: "a,z", Raw: `special-5=a,z`}},
306
Header{"Set-Cookie": {`special-6=",z"`}},
307
[]*Cookie{{Name: "special-6", Value: ",z", Raw: `special-6=",z"`}},
310
Header{"Set-Cookie": {`special-7=a,`}},
311
[]*Cookie{{Name: "special-7", Value: "a,", Raw: `special-7=a,`}},
314
Header{"Set-Cookie": {`special-8=","`}},
315
[]*Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}},
318
// TODO(bradfitz): users have reported seeing this in the
319
// wild, but do browsers handle it? RFC 6265 just says "don't
320
// do that" (section 3) and then never mentions header folding
322
// Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly, .ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
325
func toJSON(v interface{}) string {
326
b, err := json.Marshal(v)
328
return fmt.Sprintf("%#v", v)
333
func TestReadSetCookies(t *testing.T) {
334
for i, tt := range readSetCookiesTests {
335
for n := 0; n < 2; n++ { // to verify readSetCookies doesn't mutate its input
336
c := readSetCookies(tt.Header)
337
if !reflect.DeepEqual(c, tt.Cookies) {
338
t.Errorf("#%d readSetCookies: have\n%s\nwant\n%s\n", i, toJSON(c), toJSON(tt.Cookies))
345
var readCookiesTests = []struct {
351
Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
354
{Name: "Cookie-1", Value: "v$1"},
355
{Name: "c2", Value: "v2"},
359
Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
362
{Name: "c2", Value: "v2"},
366
Header{"Cookie": {"Cookie-1=v$1; c2=v2"}},
369
{Name: "Cookie-1", Value: "v$1"},
370
{Name: "c2", Value: "v2"},
374
Header{"Cookie": {"Cookie-1=v$1; c2=v2"}},
377
{Name: "c2", Value: "v2"},
381
Header{"Cookie": {`Cookie-1="v$1"; c2="v2"`}},
384
{Name: "Cookie-1", Value: "v$1"},
385
{Name: "c2", Value: "v2"},
390
func TestReadCookies(t *testing.T) {
391
for i, tt := range readCookiesTests {
392
for n := 0; n < 2; n++ { // to verify readCookies doesn't mutate its input
393
c := readCookies(tt.Header, tt.Filter)
394
if !reflect.DeepEqual(c, tt.Cookies) {
395
t.Errorf("#%d readCookies:\nhave: %s\nwant: %s\n", i, toJSON(c), toJSON(tt.Cookies))
402
func TestSetCookieDoubleQuotes(t *testing.T) {
403
res := &Response{Header: Header{}}
404
res.Header.Add("Set-Cookie", `quoted0=none; max-age=30`)
405
res.Header.Add("Set-Cookie", `quoted1="cookieValue"; max-age=31`)
406
res.Header.Add("Set-Cookie", `quoted2=cookieAV; max-age="32"`)
407
res.Header.Add("Set-Cookie", `quoted3="both"; max-age="33"`)
410
{Name: "quoted0", Value: "none", MaxAge: 30},
411
{Name: "quoted1", Value: "cookieValue", MaxAge: 31},
412
{Name: "quoted2", Value: "cookieAV"},
413
{Name: "quoted3", Value: "both"},
415
if len(got) != len(want) {
416
t.Fatalf("got %d cookies, want %d", len(got), len(want))
418
for i, w := range want {
420
if g.Name != w.Name || g.Value != w.Value || g.MaxAge != w.MaxAge {
421
t.Errorf("cookie #%d:\ngot %v\nwant %v", i, g, w)
426
func TestCookieSanitizeValue(t *testing.T) {
427
defer log.SetOutput(os.Stderr)
428
var logbuf bytes.Buffer
429
log.SetOutput(&logbuf)
435
{"foo;bar", "foobar"},
436
{"foo\\bar", "foobar"},
437
{"foo\"bar", "foobar"},
438
{"\x00\x7e\x7f\x80", "\x7e"},
439
{`"withquotes"`, "withquotes"},
447
for _, tt := range tests {
448
if got := sanitizeCookieValue(tt.in); got != tt.want {
449
t.Errorf("sanitizeCookieValue(%q) = %q; want %q", tt.in, got, tt.want)
453
if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) {
454
t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
458
func TestCookieSanitizePath(t *testing.T) {
459
defer log.SetOutput(os.Stderr)
460
var logbuf bytes.Buffer
461
log.SetOutput(&logbuf)
467
{"/path with space/", "/path with space/"},
468
{"/just;no;semicolon\x00orstuff/", "/justnosemicolonorstuff/"},
470
for _, tt := range tests {
471
if got := sanitizeCookiePath(tt.in); got != tt.want {
472
t.Errorf("sanitizeCookiePath(%q) = %q; want %q", tt.in, got, tt.want)
476
if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) {
477
t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
481
func BenchmarkCookieString(b *testing.B) {
482
const wantCookieString = `cookie-9=i3e01nf61b6t23bvfmplnanol3; Path=/restricted/; Domain=example.com; Expires=Tue, 10 Nov 2009 23:00:00 GMT; Max-Age=3600`
485
Value: "i3e01nf61b6t23bvfmplnanol3",
486
Expires: time.Unix(1257894000, 0),
487
Path: "/restricted/",
488
Domain: ".example.com",
491
var benchmarkCookieString string
494
for i := 0; i < b.N; i++ {
495
benchmarkCookieString = c.String()
497
if have, want := benchmarkCookieString, wantCookieString; have != want {
498
b.Fatalf("Have: %v Want: %v", have, want)
502
func BenchmarkReadSetCookies(b *testing.B) {
505
"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
506
".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
509
wantCookies := []*Cookie{
512
Value: "99=YsDT5i3E-CXax-",
514
Domain: ".google.ch",
516
Expires: time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC),
517
RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT",
518
Raw: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
524
Expires: time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC),
525
RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT",
527
Raw: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
533
for i := 0; i < b.N; i++ {
534
c = readSetCookies(header)
536
if !reflect.DeepEqual(c, wantCookies) {
537
b.Fatalf("readSetCookies:\nhave: %s\nwant: %s\n", toJSON(c), toJSON(wantCookies))
541
func BenchmarkReadCookies(b *testing.B) {
544
`de=; client_region=0; rpld1=0:hispeed.ch|20:che|21:zh|22:zurich|23:47.36|24:8.53|; rpld0=1:08|; backplane-channel=newspaper.com:1471; devicetype=0; osfam=0; rplmct=2; s_pers=%20s_vmonthnum%3D1472680800496%2526vn%253D1%7C1472680800496%3B%20s_nr%3D1471686767664-New%7C1474278767664%3B%20s_lv%3D1471686767669%7C1566294767669%3B%20s_lv_s%3DFirst%2520Visit%7C1471688567669%3B%20s_monthinvisit%3Dtrue%7C1471688567677%3B%20gvp_p5%3Dsports%253Ablog%253Aearly-lead%2520-%2520184693%2520-%252020160820%2520-%2520u-s%7C1471688567681%3B%20gvp_p51%3Dwp%2520-%2520sports%7C1471688567684%3B; s_sess=%20s_wp_ep%3Dhomepage%3B%20s._ref%3Dhttps%253A%252F%252Fwww.google.ch%252F%3B%20s_cc%3Dtrue%3B%20s_ppvl%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_ppv%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-s-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_dslv%3DFirst%2520Visit%3B%20s_sq%3Dwpninewspapercom%253D%252526pid%25253Dsports%2525253Ablog%2525253Aearly-lead%25252520-%25252520184693%25252520-%2525252020160820%25252520-%25252520u-s%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.newspaper.com%2525252F%2525253Fnid%2525253Dmenu_nav_homepage%252526ot%25253DA%3B`,
547
wantCookies := []*Cookie{
548
{Name: "de", Value: ""},
549
{Name: "client_region", Value: "0"},
550
{Name: "rpld1", Value: "0:hispeed.ch|20:che|21:zh|22:zurich|23:47.36|24:8.53|"},
551
{Name: "rpld0", Value: "1:08|"},
552
{Name: "backplane-channel", Value: "newspaper.com:1471"},
553
{Name: "devicetype", Value: "0"},
554
{Name: "osfam", Value: "0"},
555
{Name: "rplmct", Value: "2"},
556
{Name: "s_pers", Value: "%20s_vmonthnum%3D1472680800496%2526vn%253D1%7C1472680800496%3B%20s_nr%3D1471686767664-New%7C1474278767664%3B%20s_lv%3D1471686767669%7C1566294767669%3B%20s_lv_s%3DFirst%2520Visit%7C1471688567669%3B%20s_monthinvisit%3Dtrue%7C1471688567677%3B%20gvp_p5%3Dsports%253Ablog%253Aearly-lead%2520-%2520184693%2520-%252020160820%2520-%2520u-s%7C1471688567681%3B%20gvp_p51%3Dwp%2520-%2520sports%7C1471688567684%3B"},
557
{Name: "s_sess", Value: "%20s_wp_ep%3Dhomepage%3B%20s._ref%3Dhttps%253A%252F%252Fwww.google.ch%252F%3B%20s_cc%3Dtrue%3B%20s_ppvl%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_ppv%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-s-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_dslv%3DFirst%2520Visit%3B%20s_sq%3Dwpninewspapercom%253D%252526pid%25253Dsports%2525253Ablog%2525253Aearly-lead%25252520-%25252520184693%25252520-%2525252020160820%25252520-%25252520u-s%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.newspaper.com%2525252F%2525253Fnid%2525253Dmenu_nav_homepage%252526ot%25253DA%3B"},
562
for i := 0; i < b.N; i++ {
563
c = readCookies(header, "")
565
if !reflect.DeepEqual(c, wantCookies) {
566
b.Fatalf("readCookies:\nhave: %s\nwant: %s\n", toJSON(c), toJSON(wantCookies))