net/http: support cookie names with colon

[kayrus]

related to #7243

I've reviewed RFC 6265 but didn't find any statement that cookie value name should not contain comma.

I'm new to go and it was really hard to debug HTTPS (#12697) connection of site which uses commas in cookies' names. Quick fix looks like:

diff --git a/src/net/http/lex.go b/src/net/http/lex.go
index 50b14f8..1e6f3fa 100644
--- a/src/net/http/lex.go
+++ b/src/net/http/lex.go
@@ -32,6 +32,7 @@ var isTokenTable = [127]bool{
        '7':  true,
        '8':  true,
        '9':  true,
+       ':':  true,
        'A':  true,
        'B':  true,
        'C':  true,

[minux]

Of course cookie names can't contain ':'. http://tools.ietf.org/html/rfc6265#section-4.1.1 specifies that: set-cookie-header = "Set-Cookie:" SP set-cookie-string set-cookie-string = cookie-pair *( ";" SP cookie-av ) cookie-pair = cookie-name "=" cookie-value cookie-name = token Then in http://tools.ietf.org/html/rfc2616#section-2.2, token is specified as: token = 1*<any CHAR except CTLs or separators> separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT Notice that ':' is one of the separators not allowed in token.

[kayrus]

Ok, is there a way to avoid go source modification? Add something like exception? Why browsers parse commas inside cookie name but go doesn't?

[minux]

you can directly parse the Set-Cookie header. related #11519.

[kayrus]

It is not possible when you have several redirects.

[StalkR]

@kayrus you can if you work at transport level, see http://godoc.org/github.com/StalkR/misc/net/http/spacecookies for example