1 // Copyright 2010 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
19 var writeSetCookiesTests
= []struct {
24 &Cookie
{Name
: "cookie-1", Value
: "v$1"},
28 &Cookie
{Name
: "cookie-2", Value
: "two", MaxAge
: 3600},
29 "cookie-2=two; Max-Age=3600",
32 &Cookie
{Name
: "cookie-3", Value
: "three", Domain
: ".example.com"},
33 "cookie-3=three; Domain=example.com",
36 &Cookie
{Name
: "cookie-4", Value
: "four", Path
: "/restricted/"},
37 "cookie-4=four; Path=/restricted/",
40 &Cookie
{Name
: "cookie-5", Value
: "five", Domain
: "wrong;bad.abc"},
44 &Cookie
{Name
: "cookie-6", Value
: "six", Domain
: "bad-.abc"},
48 &Cookie
{Name
: "cookie-7", Value
: "seven", Domain
: "127.0.0.1"},
49 "cookie-7=seven; Domain=127.0.0.1",
52 &Cookie
{Name
: "cookie-8", Value
: "eight", Domain
: "::1"},
56 &Cookie
{Name
: "cookie-9", Value
: "expiring", Expires
: time
.Unix(1257894000, 0)},
57 "cookie-9=expiring; Expires=Tue, 10 Nov 2009 23:00:00 GMT",
59 // According to IETF 6265 Section 5.1.1.5, the year cannot be less than 1601
61 &Cookie
{Name
: "cookie-10", Value
: "expiring-1601", Expires
: time
.Date(1601, 1, 1, 1, 1, 1, 1, time
.UTC
)},
62 "cookie-10=expiring-1601; Expires=Mon, 01 Jan 1601 01:01:01 GMT",
65 &Cookie
{Name
: "cookie-11", Value
: "invalid-expiry", Expires
: time
.Date(1600, 1, 1, 1, 1, 1, 1, time
.UTC
)},
66 "cookie-11=invalid-expiry",
69 &Cookie
{Name
: "cookie-12", Value
: "samesite-default", SameSite
: SameSiteDefaultMode
},
70 "cookie-12=samesite-default; SameSite",
73 &Cookie
{Name
: "cookie-13", Value
: "samesite-lax", SameSite
: SameSiteLaxMode
},
74 "cookie-13=samesite-lax; SameSite=Lax",
77 &Cookie
{Name
: "cookie-14", Value
: "samesite-strict", SameSite
: SameSiteStrictMode
},
78 "cookie-14=samesite-strict; SameSite=Strict",
80 // The "special" cookies have values containing commas or spaces which
81 // are disallowed by RFC 6265 but are common in the wild.
83 &Cookie
{Name
: "special-1", Value
: "a z"},
87 &Cookie
{Name
: "special-2", Value
: " z"},
91 &Cookie
{Name
: "special-3", Value
: "a "},
95 &Cookie
{Name
: "special-4", Value
: " "},
99 &Cookie
{Name
: "special-5", Value
: "a,z"},
103 &Cookie
{Name
: "special-6", Value
: ",z"},
107 &Cookie
{Name
: "special-7", Value
: "a,"},
111 &Cookie
{Name
: "special-8", Value
: ","},
115 &Cookie
{Name
: "empty-value", Value
: ""},
132 func TestWriteSetCookies(t
*testing
.T
) {
133 defer log
.SetOutput(os
.Stderr
)
134 var logbuf bytes
.Buffer
135 log
.SetOutput(&logbuf
)
137 for i
, tt
:= range writeSetCookiesTests
{
138 if g
, e
:= tt
.Cookie
.String(), tt
.Raw
; g
!= e
{
139 t
.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i
, e
, g
)
144 if got
, sub
:= logbuf
.String(), "dropping domain attribute"; !strings
.Contains(got
, sub
) {
145 t
.Errorf("Expected substring %q in log output. Got:\n%s", sub
, got
)
149 type headerOnlyResponseWriter Header
151 func (ho headerOnlyResponseWriter
) Header() Header
{
155 func (ho headerOnlyResponseWriter
) Write([]byte) (int, error
) {
159 func (ho headerOnlyResponseWriter
) WriteHeader(int) {
163 func TestSetCookie(t
*testing
.T
) {
165 SetCookie(headerOnlyResponseWriter(m
), &Cookie
{Name
: "cookie-1", Value
: "one", Path
: "/restricted/"})
166 SetCookie(headerOnlyResponseWriter(m
), &Cookie
{Name
: "cookie-2", Value
: "two", MaxAge
: 3600})
167 if l
:= len(m
["Set-Cookie"]); l
!= 2 {
168 t
.Fatalf("expected %d cookies, got %d", 2, l
)
170 if g
, e
:= m
["Set-Cookie"][0], "cookie-1=one; Path=/restricted/"; g
!= e
{
171 t
.Errorf("cookie #1: want %q, got %q", e
, g
)
173 if g
, e
:= m
["Set-Cookie"][1], "cookie-2=two; Max-Age=3600"; g
!= e
{
174 t
.Errorf("cookie #2: want %q, got %q", e
, g
)
178 var addCookieTests
= []struct {
187 []*Cookie
{{Name
: "cookie-1", Value
: "v$1"}},
192 {Name
: "cookie-1", Value
: "v$1"},
193 {Name
: "cookie-2", Value
: "v$2"},
194 {Name
: "cookie-3", Value
: "v$3"},
196 "cookie-1=v$1; cookie-2=v$2; cookie-3=v$3",
200 func TestAddCookie(t
*testing
.T
) {
201 for i
, tt
:= range addCookieTests
{
202 req
, _
:= NewRequest("GET", "http://example.com/", nil)
203 for _
, c
:= range tt
.Cookies
{
206 if g
:= req
.Header
.Get("Cookie"); g
!= tt
.Raw
{
207 t
.Errorf("Test %d:\nwant: %s\n got: %s\n", i
, tt
.Raw
, g
)
213 var readSetCookiesTests
= []struct {
218 Header
{"Set-Cookie": {"Cookie-1=v$1"}},
219 []*Cookie
{{Name
: "Cookie-1", Value
: "v$1", Raw
: "Cookie-1=v$1"}},
222 Header
{"Set-Cookie": {"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly"}},
225 Value
: "99=YsDT5i3E-CXax-",
227 Domain
: ".google.ch",
229 Expires
: time
.Date(2011, 11, 23, 1, 5, 3, 0, time
.UTC
),
230 RawExpires
: "Wed, 23-Nov-2011 01:05:03 GMT",
231 Raw
: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
235 Header
{"Set-Cookie": {".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
240 Expires
: time
.Date(2012, 3, 7, 14, 25, 6, 0, time
.UTC
),
241 RawExpires
: "Wed, 07-Mar-2012 14:25:06 GMT",
243 Raw
: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
247 Header
{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly"}},
249 Name
: "ASP.NET_SessionId",
253 Raw
: "ASP.NET_SessionId=foo; path=/; HttpOnly",
257 Header
{"Set-Cookie": {"samesitedefault=foo; SameSite"}},
259 Name
: "samesitedefault",
261 SameSite
: SameSiteDefaultMode
,
262 Raw
: "samesitedefault=foo; SameSite",
266 Header
{"Set-Cookie": {"samesitelax=foo; SameSite=Lax"}},
270 SameSite
: SameSiteLaxMode
,
271 Raw
: "samesitelax=foo; SameSite=Lax",
275 Header
{"Set-Cookie": {"samesitestrict=foo; SameSite=Strict"}},
277 Name
: "samesitestrict",
279 SameSite
: SameSiteStrictMode
,
280 Raw
: "samesitestrict=foo; SameSite=Strict",
283 // Make sure we can properly read back the Set-Cookie headers we create
284 // for values containing spaces or commas:
286 Header
{"Set-Cookie": {`special-1=a z`}},
287 []*Cookie
{{Name
: "special-1", Value
: "a z", Raw
: `special-1=a z`}},
290 Header
{"Set-Cookie": {`special-2=" z"`}},
291 []*Cookie
{{Name
: "special-2", Value
: " z", Raw
: `special-2=" z"`}},
294 Header
{"Set-Cookie": {`special-3="a "`}},
295 []*Cookie
{{Name
: "special-3", Value
: "a ", Raw
: `special-3="a "`}},
298 Header
{"Set-Cookie": {`special-4=" "`}},
299 []*Cookie
{{Name
: "special-4", Value
: " ", Raw
: `special-4=" "`}},
302 Header
{"Set-Cookie": {`special-5=a,z`}},
303 []*Cookie
{{Name
: "special-5", Value
: "a,z", Raw
: `special-5=a,z`}},
306 Header
{"Set-Cookie": {`special-6=",z"`}},
307 []*Cookie
{{Name
: "special-6", Value
: ",z", Raw
: `special-6=",z"`}},
310 Header
{"Set-Cookie": {`special-7=a,`}},
311 []*Cookie
{{Name
: "special-7", Value
: "a,", Raw
: `special-7=a,`}},
314 Header
{"Set-Cookie": {`special-8=","`}},
315 []*Cookie
{{Name
: "special-8", Value
: ",", Raw
: `special-8=","`}},
318 // TODO(bradfitz): users have reported seeing this in the
319 // wild, but do browsers handle it? RFC 6265 just says "don't
320 // do that" (section 3) and then never mentions header folding
322 // Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly, .ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
325 func toJSON(v
interface{}) string {
326 b
, err
:= json
.Marshal(v
)
328 return fmt
.Sprintf("%#v", v
)
333 func TestReadSetCookies(t
*testing
.T
) {
334 for i
, tt
:= range readSetCookiesTests
{
335 for n
:= 0; n
< 2; n
++ { // to verify readSetCookies doesn't mutate its input
336 c
:= readSetCookies(tt
.Header
)
337 if !reflect
.DeepEqual(c
, tt
.Cookies
) {
338 t
.Errorf("#%d readSetCookies: have\n%s\nwant\n%s\n", i
, toJSON(c
), toJSON(tt
.Cookies
))
345 var readCookiesTests
= []struct {
351 Header
{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
354 {Name
: "Cookie-1", Value
: "v$1"},
355 {Name
: "c2", Value
: "v2"},
359 Header
{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
362 {Name
: "c2", Value
: "v2"},
366 Header
{"Cookie": {"Cookie-1=v$1; c2=v2"}},
369 {Name
: "Cookie-1", Value
: "v$1"},
370 {Name
: "c2", Value
: "v2"},
374 Header
{"Cookie": {"Cookie-1=v$1; c2=v2"}},
377 {Name
: "c2", Value
: "v2"},
381 Header
{"Cookie": {`Cookie-1="v$1"; c2="v2"`}},
384 {Name
: "Cookie-1", Value
: "v$1"},
385 {Name
: "c2", Value
: "v2"},
390 func TestReadCookies(t
*testing
.T
) {
391 for i
, tt
:= range readCookiesTests
{
392 for n
:= 0; n
< 2; n
++ { // to verify readCookies doesn't mutate its input
393 c
:= readCookies(tt
.Header
, tt
.Filter
)
394 if !reflect
.DeepEqual(c
, tt
.Cookies
) {
395 t
.Errorf("#%d readCookies:\nhave: %s\nwant: %s\n", i
, toJSON(c
), toJSON(tt
.Cookies
))
402 func TestSetCookieDoubleQuotes(t
*testing
.T
) {
403 res
:= &Response
{Header
: Header
{}}
404 res
.Header
.Add("Set-Cookie", `quoted0=none; max-age=30`)
405 res
.Header
.Add("Set-Cookie", `quoted1="cookieValue"; max-age=31`)
406 res
.Header
.Add("Set-Cookie", `quoted2=cookieAV; max-age="32"`)
407 res
.Header
.Add("Set-Cookie", `quoted3="both"; max-age="33"`)
410 {Name
: "quoted0", Value
: "none", MaxAge
: 30},
411 {Name
: "quoted1", Value
: "cookieValue", MaxAge
: 31},
412 {Name
: "quoted2", Value
: "cookieAV"},
413 {Name
: "quoted3", Value
: "both"},
415 if len(got
) != len(want
) {
416 t
.Fatalf("got %d cookies, want %d", len(got
), len(want
))
418 for i
, w
:= range want
{
420 if g
.Name
!= w
.Name || g
.Value
!= w
.Value || g
.MaxAge
!= w
.MaxAge
{
421 t
.Errorf("cookie #%d:\ngot %v\nwant %v", i
, g
, w
)
426 func TestCookieSanitizeValue(t
*testing
.T
) {
427 defer log
.SetOutput(os
.Stderr
)
428 var logbuf bytes
.Buffer
429 log
.SetOutput(&logbuf
)
435 {"foo;bar", "foobar"},
436 {"foo\\bar", "foobar"},
437 {"foo\"bar", "foobar"},
438 {"\x00\x7e\x7f\x80", "\x7e"},
439 {`"withquotes"`, "withquotes"},
447 for _
, tt
:= range tests
{
448 if got
:= sanitizeCookieValue(tt
.in
); got
!= tt
.want
{
449 t
.Errorf("sanitizeCookieValue(%q) = %q; want %q", tt
.in
, got
, tt
.want
)
453 if got
, sub
:= logbuf
.String(), "dropping invalid bytes"; !strings
.Contains(got
, sub
) {
454 t
.Errorf("Expected substring %q in log output. Got:\n%s", sub
, got
)
458 func TestCookieSanitizePath(t
*testing
.T
) {
459 defer log
.SetOutput(os
.Stderr
)
460 var logbuf bytes
.Buffer
461 log
.SetOutput(&logbuf
)
467 {"/path with space/", "/path with space/"},
468 {"/just;no;semicolon\x00orstuff/", "/justnosemicolonorstuff/"},
470 for _
, tt
:= range tests
{
471 if got
:= sanitizeCookiePath(tt
.in
); got
!= tt
.want
{
472 t
.Errorf("sanitizeCookiePath(%q) = %q; want %q", tt
.in
, got
, tt
.want
)
476 if got
, sub
:= logbuf
.String(), "dropping invalid bytes"; !strings
.Contains(got
, sub
) {
477 t
.Errorf("Expected substring %q in log output. Got:\n%s", sub
, got
)
481 func BenchmarkCookieString(b
*testing
.B
) {
482 const wantCookieString
= `cookie-9=i3e01nf61b6t23bvfmplnanol3; Path=/restricted/; Domain=example.com; Expires=Tue, 10 Nov 2009 23:00:00 GMT; Max-Age=3600`
485 Value
: "i3e01nf61b6t23bvfmplnanol3",
486 Expires
: time
.Unix(1257894000, 0),
487 Path
: "/restricted/",
488 Domain
: ".example.com",
491 var benchmarkCookieString
string
494 for i
:= 0; i
< b
.N
; i
++ {
495 benchmarkCookieString
= c
.String()
497 if have
, want
:= benchmarkCookieString
, wantCookieString
; have
!= want
{
498 b
.Fatalf("Have: %v Want: %v", have
, want
)
502 func BenchmarkReadSetCookies(b
*testing
.B
) {
505 "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
506 ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
509 wantCookies
:= []*Cookie
{
512 Value
: "99=YsDT5i3E-CXax-",
514 Domain
: ".google.ch",
516 Expires
: time
.Date(2011, 11, 23, 1, 5, 3, 0, time
.UTC
),
517 RawExpires
: "Wed, 23-Nov-2011 01:05:03 GMT",
518 Raw
: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
524 Expires
: time
.Date(2012, 3, 7, 14, 25, 6, 0, time
.UTC
),
525 RawExpires
: "Wed, 07-Mar-2012 14:25:06 GMT",
527 Raw
: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
533 for i
:= 0; i
< b
.N
; i
++ {
534 c
= readSetCookies(header
)
536 if !reflect
.DeepEqual(c
, wantCookies
) {
537 b
.Fatalf("readSetCookies:\nhave: %s\nwant: %s\n", toJSON(c
), toJSON(wantCookies
))
541 func BenchmarkReadCookies(b
*testing
.B
) {
544 `de=; client_region=0; rpld1=0:hispeed.ch|20:che|21:zh|22:zurich|23:47.36|24:8.53|; rpld0=1:08|; backplane-channel=newspaper.com:1471; devicetype=0; osfam=0; rplmct=2; s_pers=%20s_vmonthnum%3D1472680800496%2526vn%253D1%7C1472680800496%3B%20s_nr%3D1471686767664-New%7C1474278767664%3B%20s_lv%3D1471686767669%7C1566294767669%3B%20s_lv_s%3DFirst%2520Visit%7C1471688567669%3B%20s_monthinvisit%3Dtrue%7C1471688567677%3B%20gvp_p5%3Dsports%253Ablog%253Aearly-lead%2520-%2520184693%2520-%252020160820%2520-%2520u-s%7C1471688567681%3B%20gvp_p51%3Dwp%2520-%2520sports%7C1471688567684%3B; s_sess=%20s_wp_ep%3Dhomepage%3B%20s._ref%3Dhttps%253A%252F%252Fwww.google.ch%252F%3B%20s_cc%3Dtrue%3B%20s_ppvl%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_ppv%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-s-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_dslv%3DFirst%2520Visit%3B%20s_sq%3Dwpninewspapercom%253D%252526pid%25253Dsports%2525253Ablog%2525253Aearly-lead%25252520-%25252520184693%25252520-%2525252020160820%25252520-%25252520u-s%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.newspaper.com%2525252F%2525253Fnid%2525253Dmenu_nav_homepage%252526ot%25253DA%3B`,
547 wantCookies
:= []*Cookie
{
548 {Name
: "de", Value
: ""},
549 {Name
: "client_region", Value
: "0"},
550 {Name
: "rpld1", Value
: "0:hispeed.ch|20:che|21:zh|22:zurich|23:47.36|24:8.53|"},
551 {Name
: "rpld0", Value
: "1:08|"},
552 {Name
: "backplane-channel", Value
: "newspaper.com:1471"},
553 {Name
: "devicetype", Value
: "0"},
554 {Name
: "osfam", Value
: "0"},
555 {Name
: "rplmct", Value
: "2"},
556 {Name
: "s_pers", Value
: "%20s_vmonthnum%3D1472680800496%2526vn%253D1%7C1472680800496%3B%20s_nr%3D1471686767664-New%7C1474278767664%3B%20s_lv%3D1471686767669%7C1566294767669%3B%20s_lv_s%3DFirst%2520Visit%7C1471688567669%3B%20s_monthinvisit%3Dtrue%7C1471688567677%3B%20gvp_p5%3Dsports%253Ablog%253Aearly-lead%2520-%2520184693%2520-%252020160820%2520-%2520u-s%7C1471688567681%3B%20gvp_p51%3Dwp%2520-%2520sports%7C1471688567684%3B"},
557 {Name
: "s_sess", Value
: "%20s_wp_ep%3Dhomepage%3B%20s._ref%3Dhttps%253A%252F%252Fwww.google.ch%252F%3B%20s_cc%3Dtrue%3B%20s_ppvl%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_ppv%3Dsports%25253Ablog%25253Aearly-lead%252520-%252520184693%252520-%25252020160820%252520-%252520u-s-lawyer%252C12%252C12%252C502%252C1231%252C502%252C1680%252C1050%252C2%252CP%3B%20s_dslv%3DFirst%2520Visit%3B%20s_sq%3Dwpninewspapercom%253D%252526pid%25253Dsports%2525253Ablog%2525253Aearly-lead%25252520-%25252520184693%25252520-%2525252020160820%25252520-%25252520u-s%252526pidt%25253D1%252526oid%25253Dhttps%2525253A%2525252F%2525252Fwww.newspaper.com%2525252F%2525253Fnid%2525253Dmenu_nav_homepage%252526ot%25253DA%3B"},
562 for i
:= 0; i
< b
.N
; i
++ {
563 c
= readCookies(header
, "")
565 if !reflect
.DeepEqual(c
, wantCookies
) {
566 b
.Fatalf("readCookies:\nhave: %s\nwant: %s\n", toJSON(c
), toJSON(wantCookies
))