🐛 [Bug]: There is something weird with Fiber and the usage of Http lib for testing.

[jujur10]

Bug Description

You are using the HTTP library (https://docs.gofiber.io/api/app/#test) but some fiber features are not RFC compliant, example with cookies using the " character. You can't use HTTP library if you have to send (and the backend have to receive) a golang json structure.
If you want to stock data in cookies (very practical but non RFC compliant).

How to Reproduce

1. Make an OAuth2 login and callback entries.
2. Add data in the state field (for example make a structure).
3. With a modern navigator, you will see that the cookie works fine.
4. Try to make a test with HTTP. Like in the doc: https://docs.gofiber.io/api/app/#test
5. You will see that it is not possible to handle the test, because HTTP library doesn't support ".

Expected Behavior

The cookie with " are supposed to work.

Fiber Version

v2.52.5

Code Snippet (optional)

// addServiceToUser simulates adding a service to a user by invoking the OAuth callback endpoint.
func addServiceToUserTesting(app *fiber.App, sessionCookie *http.Cookie) error {
    // Simulate generating and setting the state
    mockState := StateData{
        State:             "test-state",
        RedirectURL:       "",
        StoreSessionInURL: false,
    }

    // Encode the state and redirect URI into JSON.
    value, err := sonic.Marshal(mockState)
    if err != nil {
        return fmt.Errorf("failed to marshall token: %s", err)
    }

    // Encode to base64 (in order to be able to use it in the backend).
    encodedState := base64.StdEncoding.EncodeToString(value)

    fullURL := fmt.Sprintf("/protected/oauth2/noServiceUsedForTesting/callback?code=test-code&state=%s",
        encodedState)

    // Create the HTTP request
    req, err := http.NewRequest("GET", fullURL, nil)
    if err != nil {
        return err
    }

    // Attach the session cookie for authentication
    if sessionCookie != nil {
        req.AddCookie(sessionCookie)
    }

    // OAuth handler checks for the state in a cookie, set it here
    req.AddCookie(&http.Cookie{
        Name:  "oauth_state",
        Value: encodedState,
    })

    // Perform the request
    resp, err := app.Test(req, -1)
    if err != nil {
        return err
    }
    ...
}

For this part:

    // OAuth handler checks for the state in a cookie, set it here
    req.AddCookie(&http.Cookie{
        Name:  "oauth_state",
        Value: encodedState,
    })

It is mandatory to convert to base 64 in order to handle the " in the backend.

Checklist:

• I agree to follow Fiber's Code of Conduct.
• I have checked for existing issues that describe my problem prior to opening this one.
• I understand that improperly formatted bug reports may be closed without explanation.

[welcome]

Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord

[gaby]

@jujur10 I'm not following what the issue is from the code. You are sending a " inside the cookie value?

Can you provide a more simple reproducible example? Ican't copy/run what you provided.

[jujur10]

@gaby Yes, because in modern navigator and with fiber it is possible to have json into cookies but with http library, it is impossible to have " because (non RFC compliant). So in Fiber you can, but in http library you can't. So it is a nonsense to use HTTP lib for Fiber testing.

[jozsefsallai]

As a proper workaround (that doesn't involve turning the JSON data into base 64), you can try setting the Cookie header directly.

req.Header.Set("Cookie", "oauth_state="+string(marshaledState)) // add your other cookies

You can write a small cookie jar utility to make your life easier and avoid repetition (note that this is a very primitive implementation that doesn't do any checks/sanitization):

package main

import "net/http"

type CookieJar struct {
	cookies map[string]string
}

func NewCookieJar() *CookieJar {
	return &CookieJar{
		cookies: make(map[string]string),
	}
}

func (c *CookieJar) Set(key, value string) {
	c.cookies[key] = value
}

func (c *CookieJar) AddCookie(cookie *http.Cookie) {
	c.cookies[cookie.Name] = cookie.Value
}

func (c *CookieJar) Parse() string {
	var cookie string
	for key, value := range c.cookies {
		cookie += key + "=" + value + ";"
	}
	return cookie
}

func (c *CookieJar) AddToRequest(req *http.Request) {
	req.Header.Set("Cookie", c.Parse())
}

Usage in your tests:

cookiejar := NewCookieJar()

if sessionCookie != nil {
	cookiejar.AddCookie(sessionCookie)
}

cookiejar.Set("oauth_state", string(marshaledState))
cookiejar.AddToRequest(req)

---

As for the testing library, do you have any alternative in mind that Fiber could use instead of httptest? We figured httptest would be the best option since it's RFC-compliant and it's part of the Go standard library (meaning we won't have to add another dependency just for the sake of a testing function).

[gaby]

We should match whatever behavior net/http has for this.