1 // Copyright 2010 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
19 var writeSetCookiesTests = []struct {
24 &Cookie{Name: "cookie-1", Value: "v$1"},
28 &Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600},
29 "cookie-2=two; Max-Age=3600",
32 &Cookie{Name: "cookie-3", Value: "three", Domain: ".example.com"},
33 "cookie-3=three; Domain=example.com",
36 &Cookie{Name: "cookie-4", Value: "four", Path: "/restricted/"},
37 "cookie-4=four; Path=/restricted/",
40 &Cookie{Name: "cookie-5", Value: "five", Domain: "wrong;bad.abc"},
44 &Cookie{Name: "cookie-6", Value: "six", Domain: "bad-.abc"},
48 &Cookie{Name: "cookie-7", Value: "seven", Domain: "127.0.0.1"},
49 "cookie-7=seven; Domain=127.0.0.1",
52 &Cookie{Name: "cookie-8", Value: "eight", Domain: "::1"},
55 // The "special" cookies have values containing commas or spaces which
56 // are disallowed by RFC 6265 but are common in the wild.
58 &Cookie{Name: "special-1", Value: "a z"},
62 &Cookie{Name: "special-2", Value: " z"},
66 &Cookie{Name: "special-3", Value: "a "},
70 &Cookie{Name: "special-4", Value: " "},
74 &Cookie{Name: "special-5", Value: "a,z"},
78 &Cookie{Name: "special-6", Value: ",z"},
82 &Cookie{Name: "special-7", Value: "a,"},
86 &Cookie{Name: "special-8", Value: ","},
90 &Cookie{Name: "empty-value", Value: ""},
95 func TestWriteSetCookies(t *testing.T) {
96 defer log.SetOutput(os.Stderr)
97 var logbuf bytes.Buffer
98 log.SetOutput(&logbuf)
100 for i, tt := range writeSetCookiesTests {
101 if g, e := tt.Cookie.String(), tt.Raw; g != e {
102 t.Errorf("Test %d, expecting:\n%s\nGot:\n%s\n", i, e, g)
107 if got, sub := logbuf.String(), "dropping domain attribute"; !strings.Contains(got, sub) {
108 t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
112 type headerOnlyResponseWriter Header
114 func (ho headerOnlyResponseWriter) Header() Header {
118 func (ho headerOnlyResponseWriter) Write([]byte) (int, error) {
122 func (ho headerOnlyResponseWriter) WriteHeader(int) {
126 func TestSetCookie(t *testing.T) {
128 SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-1", Value: "one", Path: "/restricted/"})
129 SetCookie(headerOnlyResponseWriter(m), &Cookie{Name: "cookie-2", Value: "two", MaxAge: 3600})
130 if l := len(m["Set-Cookie"]); l != 2 {
131 t.Fatalf("expected %d cookies, got %d", 2, l)
133 if g, e := m["Set-Cookie"][0], "cookie-1=one; Path=/restricted/"; g != e {
134 t.Errorf("cookie #1: want %q, got %q", e, g)
136 if g, e := m["Set-Cookie"][1], "cookie-2=two; Max-Age=3600"; g != e {
137 t.Errorf("cookie #2: want %q, got %q", e, g)
141 var addCookieTests = []struct {
150 []*Cookie{{Name: "cookie-1", Value: "v$1"}},
155 {Name: "cookie-1", Value: "v$1"},
156 {Name: "cookie-2", Value: "v$2"},
157 {Name: "cookie-3", Value: "v$3"},
159 "cookie-1=v$1; cookie-2=v$2; cookie-3=v$3",
163 func TestAddCookie(t *testing.T) {
164 for i, tt := range addCookieTests {
165 req, _ := NewRequest("GET", "http://example.com/", nil)
166 for _, c := range tt.Cookies {
169 if g := req.Header.Get("Cookie"); g != tt.Raw {
170 t.Errorf("Test %d:\nwant: %s\n got: %s\n", i, tt.Raw, g)
176 var readSetCookiesTests = []struct {
181 Header{"Set-Cookie": {"Cookie-1=v$1"}},
182 []*Cookie{{Name: "Cookie-1", Value: "v$1", Raw: "Cookie-1=v$1"}},
185 Header{"Set-Cookie": {"NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly"}},
188 Value: "99=YsDT5i3E-CXax-",
190 Domain: ".google.ch",
192 Expires: time.Date(2011, 11, 23, 1, 5, 3, 0, time.UTC),
193 RawExpires: "Wed, 23-Nov-2011 01:05:03 GMT",
194 Raw: "NID=99=YsDT5i3E-CXax-; expires=Wed, 23-Nov-2011 01:05:03 GMT; path=/; domain=.google.ch; HttpOnly",
198 Header{"Set-Cookie": {".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
203 Expires: time.Date(2012, 3, 7, 14, 25, 6, 0, time.UTC),
204 RawExpires: "Wed, 07-Mar-2012 14:25:06 GMT",
206 Raw: ".ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly",
210 Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly"}},
212 Name: "ASP.NET_SessionId",
216 Raw: "ASP.NET_SessionId=foo; path=/; HttpOnly",
219 // Make sure we can properly read back the Set-Cookie headers we create
220 // for values containing spaces or commas:
222 Header{"Set-Cookie": {`special-1=a z`}},
223 []*Cookie{{Name: "special-1", Value: "a z", Raw: `special-1=a z`}},
226 Header{"Set-Cookie": {`special-2=" z"`}},
227 []*Cookie{{Name: "special-2", Value: " z", Raw: `special-2=" z"`}},
230 Header{"Set-Cookie": {`special-3="a "`}},
231 []*Cookie{{Name: "special-3", Value: "a ", Raw: `special-3="a "`}},
234 Header{"Set-Cookie": {`special-4=" "`}},
235 []*Cookie{{Name: "special-4", Value: " ", Raw: `special-4=" "`}},
238 Header{"Set-Cookie": {`special-5=a,z`}},
239 []*Cookie{{Name: "special-5", Value: "a,z", Raw: `special-5=a,z`}},
242 Header{"Set-Cookie": {`special-6=",z"`}},
243 []*Cookie{{Name: "special-6", Value: ",z", Raw: `special-6=",z"`}},
246 Header{"Set-Cookie": {`special-7=a,`}},
247 []*Cookie{{Name: "special-7", Value: "a,", Raw: `special-7=a,`}},
250 Header{"Set-Cookie": {`special-8=","`}},
251 []*Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}},
254 // TODO(bradfitz): users have reported seeing this in the
255 // wild, but do browsers handle it? RFC 6265 just says "don't
256 // do that" (section 3) and then never mentions header folding
258 // Header{"Set-Cookie": {"ASP.NET_SessionId=foo; path=/; HttpOnly, .ASPXAUTH=7E3AA; expires=Wed, 07-Mar-2012 14:25:06 GMT; path=/; HttpOnly"}},
261 func toJSON(v interface{}) string {
262 b, err := json.Marshal(v)
264 return fmt.Sprintf("%#v", v)
269 func TestReadSetCookies(t *testing.T) {
270 for i, tt := range readSetCookiesTests {
271 for n := 0; n < 2; n++ { // to verify readSetCookies doesn't mutate its input
272 c := readSetCookies(tt.Header)
273 if !reflect.DeepEqual(c, tt.Cookies) {
274 t.Errorf("#%d readSetCookies: have\n%s\nwant\n%s\n", i, toJSON(c), toJSON(tt.Cookies))
281 var readCookiesTests = []struct {
287 Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
290 {Name: "Cookie-1", Value: "v$1"},
291 {Name: "c2", Value: "v2"},
295 Header{"Cookie": {"Cookie-1=v$1", "c2=v2"}},
298 {Name: "c2", Value: "v2"},
302 Header{"Cookie": {"Cookie-1=v$1; c2=v2"}},
305 {Name: "Cookie-1", Value: "v$1"},
306 {Name: "c2", Value: "v2"},
310 Header{"Cookie": {"Cookie-1=v$1; c2=v2"}},
313 {Name: "c2", Value: "v2"},
318 func TestReadCookies(t *testing.T) {
319 for i, tt := range readCookiesTests {
320 for n := 0; n < 2; n++ { // to verify readCookies doesn't mutate its input
321 c := readCookies(tt.Header, tt.Filter)
322 if !reflect.DeepEqual(c, tt.Cookies) {
323 t.Errorf("#%d readCookies:\nhave: %s\nwant: %s\n", i, toJSON(c), toJSON(tt.Cookies))
330 func TestCookieSanitizeValue(t *testing.T) {
331 defer log.SetOutput(os.Stderr)
332 var logbuf bytes.Buffer
333 log.SetOutput(&logbuf)
339 {"foo;bar", "foobar"},
340 {"foo\\bar", "foobar"},
341 {"foo\"bar", "foobar"},
342 {"\x00\x7e\x7f\x80", "\x7e"},
343 {`"withquotes"`, "withquotes"},
348 for _, tt := range tests {
349 if got := sanitizeCookieValue(tt.in); got != tt.want {
350 t.Errorf("sanitizeCookieValue(%q) = %q; want %q", tt.in, got, tt.want)
354 if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) {
355 t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)
359 func TestCookieSanitizePath(t *testing.T) {
360 defer log.SetOutput(os.Stderr)
361 var logbuf bytes.Buffer
362 log.SetOutput(&logbuf)
368 {"/path with space/", "/path with space/"},
369 {"/just;no;semicolon\x00orstuff/", "/justnosemicolonorstuff/"},
371 for _, tt := range tests {
372 if got := sanitizeCookiePath(tt.in); got != tt.want {
373 t.Errorf("sanitizeCookiePath(%q) = %q; want %q", tt.in, got, tt.want)
377 if got, sub := logbuf.String(), "dropping invalid bytes"; !strings.Contains(got, sub) {
378 t.Errorf("Expected substring %q in log output. Got:\n%s", sub, got)