The Secure and HttpOnly attributes of cookies
The Cookie struct in Go's net/http:
```go
// A Cookie represents an HTTP cookie as sent in the Set-Cookie header of an
// HTTP response or the Cookie header of an HTTP request.
//
// See https://tools.ietf.org/html/rfc6265 for details.
type Cookie struct {
	Name  string
	Value string

	Path       string    // optional
	Domain     string    // optional
	Expires    time.Time // optional
	RawExpires string    // for reading cookies only

	// MaxAge=0 means no 'Max-Age' attribute specified.
	// MaxAge<0 means delete cookie now, equivalently 'Max-Age: 0'
	// MaxAge>0 means Max-Age attribute present and given in seconds
	MaxAge   int
	Secure   bool
	HttpOnly bool
	SameSite SameSite
	Raw      string
	Unparsed []string // Raw text of unparsed attribute-value pairs
}
```
Among its fields are the two attributes Secure and HttpOnly. Opening the reference given in the comment attached to the struct, we can look up:
Secure HttpOnly
- https://tools.ietf.org/html/rfc6265
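An added example (not from the original post or from the Go project): it sets one cookie with the Secure and HttpOnly fields of the struct above enabled, then audits a response's Set-Cookie headers for cookies missing either flag. The helper names setSession, auditCookies and sampleResponse, and the cookie names and values, are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// setSession is a hypothetical helper: it issues a session cookie with
// both flags from the Cookie struct turned on.
func setSession(w http.ResponseWriter, value string) {
	http.SetCookie(w, &http.Cookie{
		Name:     "session", // constructed name
		Value:    value,
		Path:     "/",
		Secure:   true, // browser returns it only over secure channels (HTTPS)
		HttpOnly: true, // not exposed to scripts through document.cookie
	})
}

// auditCookies parses the Set-Cookie headers of a response and returns one
// finding per missing flag, in header order.
func auditCookies(resp *http.Response) []string {
	var findings []string
	for _, c := range resp.Cookies() {
		if !c.Secure {
			findings = append(findings, c.Name+": missing Secure")
		}
		if !c.HttpOnly {
			findings = append(findings, c.Name+": missing HttpOnly")
		}
	}
	return findings
}

// sampleResponse builds a constructed response offline: one hardened cookie
// and one left at the zero values (Secure=false, HttpOnly=false).
func sampleResponse() *http.Response {
	rec := httptest.NewRecorder()
	setSession(rec, "abc123")
	http.SetCookie(rec, &http.Cookie{Name: "theme", Value: "dark"})
	return rec.Result()
}

func main() {
	for _, f := range auditCookies(sampleResponse()) {
		fmt.Println(f)
	}
}
```

Because both fields are plain bool values, a cookie built without setting them is emitted with neither attribute, which is what the audit flags for the second cookie.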