From 542693e00529fbb4248fac614ece68b127a5ec4d Mon Sep 17 00:00:00 2001
From: Roberto Clapis <roberto@golang.org>
Date: Tue, 22 Sep 2020 17:57:06 +0200
Subject: net/http: make SameSiteDefaultMode behavior match the specification

The current specification does not foresee a SameSite attribute without
a value. While the existing implementation would serialize SameSite in a
way that would likely be ignored by well-impelemented clients, it is
better to not rely on this kind of quirks.

Specification: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05#section-4.1.1

Fixes #36990

Change-Id: Ie51152741d7e84bab64d3e4e4f780286932acbde
Reviewed-on: https://go-review.googlesource.com/c/go/+/256498
Trust: Roberto Clapis <roberto@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
---
 src/net/http/cookie_test.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src/net/http/cookie_test.go')

diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go
index 9e8196ebce..959713a0dc 100644
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@@ -67,7 +67,7 @@ var writeSetCookiesTests = []struct {
 	},
 	{
 		&Cookie{Name: "cookie-12", Value: "samesite-default", SameSite: SameSiteDefaultMode},
-		"cookie-12=samesite-default; SameSite",
+		"cookie-12=samesite-default",
 	},
 	{
 		&Cookie{Name: "cookie-13", Value: "samesite-lax", SameSite: SameSiteLaxMode},
@@ -282,6 +282,15 @@ var readSetCookiesTests = []struct {
 			Raw:      "samesitedefault=foo; SameSite",
 		}},
 	},
+	{
+		Header{"Set-Cookie": {"samesiteinvalidisdefault=foo; SameSite=invalid"}},
+		[]*Cookie{{
+			Name:     "samesiteinvalidisdefault",
+			Value:    "foo",
+			SameSite: SameSiteDefaultMode,
+			Raw:      "samesiteinvalidisdefault=foo; SameSite=invalid",
+		}},
+	},
 	{
 		Header{"Set-Cookie": {"samesitelax=foo; SameSite=Lax"}},
 		[]*Cookie{{
-- 
cgit v1.2.1