From 542693e00529fbb4248fac614ece68b127a5ec4d Mon Sep 17 00:00:00 2001
From: Roberto Clapis
Date: Tue, 22 Sep 2020 17:57:06 +0200
Subject: net/http: make SameSiteDefaultMode behavior match the specification

The current specification does not foresee a SameSite attribute without a value. While the existing implementation would serialize SameSite in a way that would likely be ignored by well-impelemented clients, it is better to not rely on this kind of quirks.

Specification: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.1

Fixes #36990

Change-Id: Ie51152741d7e84bab64d3e4e4f780286932acbde
Reviewed-on: https://go-review.googlesource.com/c/go/+/256498
Trust: Roberto Clapis
Reviewed-by: Filippo Valsorda
---
 src/net/http/cookie.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src/net/http/cookie.go')
diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index d7a8f5e94e..141bc947f6 100644
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -220,7 +220,7 @@ func (c *Cookie) String() string {
 }
 switch c.SameSite {
 case SameSiteDefaultMode:
- b.WriteString("; SameSite")
+ // Skip, default mode is obtained by not emitting the attribute.
 case SameSiteNoneMode:
 b.WriteString("; SameSite=None")
 case SameSiteLaxMode:
--
cgit v1.2.1
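Review bot: The new comment in the `case SameSiteDefaultMode:` arm says the default is obtained by omitting the attribute, but not whose default that is. With this arm now writing nothing, the serialized cookie carries no SameSite attribute, so cross-site handling is whatever the receiving client applies to cookies without one, and that can differ between clients. I would spell it out, e.g. `// Skip: with no SameSite attribute the client applies its own default; callers that need a fixed policy must set Lax, Strict or None explicitly.` The page is limited to cookie.go, so I cannot see whether a test pins the new output; a case asserting that a cookie with SameSiteDefaultMode serializes without any `SameSite` token would guard against regressions. String()'s body starts and ends outside this hunk.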