From 0ada047371cf08c3e631dc01766041e7adeb6a7d Mon Sep 17 00:00:00 2001
From: darmiel <71837281+darmiel@users.noreply.github.com>
Date: Sun, 3 Apr 2022 02:30:47 +0200
Subject: [PATCH] net/http: trim cookie names
The current implementation ignores cookies where the cookie name starts or ends with a space: name =value is ignored.
---
 src/net/http/cookie.go | 2 ++
 src/net/http/cookie_test.go | 4 ++++
 2 files changed, 6 insertions(+)
diff --git a/src/net/http/cookie.go b/src/net/http/cookie.go
index 6e1035330b..1810790ac3 100644
--- a/src/net/http/cookie.go
+++ b/src/net/http/cookie.go
@@ -70,6 +70,7 @@ func readSetCookies(h Header) []*Cookie {
 }
 parts[0] = textproto.TrimString(parts[0])
 name, value, ok := strings.Cut(parts[0], "=")
+ name = textproto.TrimString(name)
 if !ok {
 continue
 }
@@ -291,6 +292,7 @@ func readCookies(h Header, filter string) []*Cookie {
 continue
 }
 name, val, _ := strings.Cut(part, "=")
+ name = textproto.TrimString(name)
 if !isCookieNameValid(name) {
 continue
 }
diff --git a/src/net/http/cookie_test.go b/src/net/http/cookie_test.go
index ccc5f98091..3c5c50b632 100644
--- a/src/net/http/cookie_test.go
+++ b/src/net/http/cookie_test.go
@@ -352,6 +352,10 @@ var readSetCookiesTests = []struct {
 Header{"Set-Cookie": {`special-8=","`}},
 []*Cookie{{Name: "special-8", Value: ",", Raw: `special-8=","`}},
 },
+ {
+ Header{"Set-Cookie": {`special-9 =","`}},
+ []*Cookie{{Name: "special-9", Value: ",", Raw: `special-9 =","`}},
+ },
 // TODO(bradfitz): users have reported seeing this in the
 // wild, but do browsers handle it? RFC 6265 just says "don't
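Review bot: In readSetCookies the new `name = textproto.TrimString(name)` runs before the `if !ok` check, so the name is trimmed even for a pair that is about to be skipped, and nothing at the call site says why the parser is lenient here. I would move the trim below the `!ok` guard and give it a one-line reason, for example `// RFC 6265 section 5.2: strip whitespace around the cookie name before validating it.` followed by `name = textproto.TrimString(name)`. The new test shows `Raw` keeping the untrimmed text while `Name` is trimmed, and that difference deserves a sentence in the Cookie documentation. The function body starts and ends outside this hunk, so any later name validation is not visible here.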
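Review bot: The same trim in readCookies changes how the request-side `Cookie` header is parsed, and that path has no test in this commit, since all four added test lines are in readSetCookiesTests. A pair such as `a =2`, which the old code dropped at `isCookieNameValid`, is now returned under the name `a`. A header like `a=1; a =2` therefore yields two cookies with the same name, and an intermediary that does not trim may disagree with the Go server about which cookies are present. RFC 6265 section 4.2.1 defines `cookie-pair` with no whitespace around the name, so this leniency looks like a deliberate policy choice and should be documented as one. I would add a comment such as `// Lenient: accept whitespace around the name; a trimmed name may duplicate an earlier cookie.` and a request-side test case that pins the duplicate-name result. The function body extends beyond this hunk.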