| blob | cf522488c15d68470ac13f715c42c1e041066e80 |
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 package http
8 "bytes"
9 "log"
10 "net"
11 "strconv"
12 "strings"
13 "time"
14 )
16 // A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
17 // HTTP response or the Cookie header of an HTTP request.
18 //
19 // See http://tools.ietf.org/html/rfc6265 for details.
21 Name string
22 Value string
29 // MaxAge=0 means no 'Max-Age' attribute specified.
30 // MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
31 // MaxAge>0 means Max-Age attribute present and given in seconds
32 MaxAge int
33 Secure bool
34 HttpOnly bool
35 Raw string
37 }
39 // readSetCookies parses all "Set-Cookie" values from
40 // the header h and returns the successfully parsed Cookies.
45 }
50 continue
51 }
55 continue
56 }
59 continue
60 }
63 continue
64 }
69 }
73 continue
74 }
79 }
84 continue
85 }
89 continue
92 continue
95 continue
99 break
100 }
103 }
105 continue
113 break
114 }
115 }
117 continue
120 continue
121 }
123 }
125 }
126 return cookies
127 }
129 // SetCookie adds a Set-Cookie header to the provided ResponseWriter's headers.
130 // The provided cookie must have a valid Name. Invalid cookies may be
131 // silently dropped.
135 }
136 }
138 // String returns the serialization of the cookie for use in a Cookie
139 // header (if only Name and Value are set) or a Set-Cookie response
140 // header (if other fields are set).
141 // If c is nil or c.Name is invalid, the empty string is returned.
145 }
154 }
157 // A c.Domain containing illegal characters is not
158 // sanitized but simply dropped which turns the cookie
159 // into a host-only cookie. A leading dot is okay
160 // but won't be sent.
164 }
169 }
170 }
176 }
184 }
187 }
190 }
192 }
194 // readCookies parses all "Cookie" values from the header h and
195 // returns the successfully parsed Cookies.
196 //
197 // if filter isn't empty, only cookies of that name are returned
202 }
208 continue
209 }
210 // Per-line attributes
215 continue
216 }
220 }
222 continue
223 }
225 continue
226 }
229 continue
230 }
232 parsedPairs++
233 }
234 }
235 return cookies
236 }
238 // validCookieDomain returns whether v is a valid cookie domain-value.
242 }
245 }
247 }
249 // validCookieExpires returns whether v is a valid cookie expires-value.
251 // IETF RFC 6265 Section 5.1.1.5, the year must not be less than 1601
253 }
255 // isCookieDomainName returns whether s is a valid domain name or a valid
256 // domain name with a leading dot '.'. It is almost a direct copy of
257 // package net's isDomainName.
261 }
264 }
267 // A cookie a domain attribute may start with a leading dot.
269 }
279 // No '_' allowed here (in contrast to package net).
281 partlen++
283 // fine
284 partlen++
286 // Byte before dash cannot be dot.
289 }
290 partlen++
292 // Byte before dot cannot be dot, dash.
295 }
298 }
300 }
301 last = c
302 }
305 }
307 return ok
308 }
314 }
316 // http://tools.ietf.org/html/rfc6265#section-4.1.1
317 // cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
318 // cookie-octet = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
319 // ; US-ASCII characters excluding CTLs,
320 // ; whitespace DQUOTE, comma, semicolon,
321 // ; and backslash
322 // We loosen this as spaces and commas are common in cookie values
323 // but we produce a quoted cookie-value in when value starts or ends
324 // with a comma or space.
325 // See https://golang.org/issue/7243 for the discussion.
329 return v
330 }
333 }
334 return v
335 }
339 }
341 // path-av = "Path=" path-value
342 // path-value = <any CHAR except CTLs or ";">
345 }
349 }
355 continue
356 }
359 break
360 }
362 return v
363 }
368 }
369 }
371 }
374 // Strip the quotes, if present.
377 }
381 }
382 }
384 }
389 }
391 }