golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

x/pkgsite: net/http.Cookie appears to be misrendered #64615

Closed mvdan closed 10 months ago

mvdan commented 10 months ago

What is the URL of the page with the issue?

https://pkg.go.dev/net/http#Cookie

What is your user agent?

Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0

Screenshot

image

What did you do?

I tried to view the Cookie type in the net/http package, by clicking on its name in the Index section.

That correctly points to https://pkg.go.dev/net/http#Cookie, but that does... Nothing. Manually scrolling to find the Cookie type shows that, for some reason, it got rendered adjacent to func (ConnState) String and without any anchor link or title.

What did you expect to see?

The anchor link should work, and the type should be rendered with a title or section header. For example, see CookieJar:

image

What did you see instead?

See the first screenshot above.

mvdan commented 10 months ago

Hm, I could not reproduce in Firefox with a new/empty profile. It seems like disabling the extension https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ fixes the issue as well.

Here are the console logs from loading the page in Firefox with the extension, resulting in the broken UI:

Content-Security-Policy warnings 4
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified http
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://013c5a20-db81-48da-b1ea-f655119f1698/model/static/DOMPurify/purify.min.js
Source Map URL: purify.min.js.map

And without the extension, where the UI is fine:

Content-Security-Policy warnings 4
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “http:” within script-src: ‘strict-dynamic’ specified http
Content-Security-Policy: Ignoring “'unsafe-inline'” within script-src: nonce-source or hash-source specified http
Some cookies are misusing the recommended “SameSite“ attribute 13
Cookie “_gcl_au” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite gtm.js:221:914
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga_HL38R6X1Q3” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite 2 js:285:914
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite js:285:914
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_ga” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Cookie “_gid” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite analytics.js:27:576
Content-Security-Policy: The page’s settings blocked the loading of a resource at eval (“script-src”). 2 gtm.js:5:27
Source map error: Error: NetworkError when attempting to fetch resource.
Resource URL: moz-extension://013c5a20-db81-48da-b1ea-f655119f1698/model/static/DOMPurify/purify.min.js
Source Map URL: purify.min.js.map
Content-Security-Policy: The page’s settings blocked the loading of a resource at eval (“script-src”). gtm.js:5:27

mvdan commented 10 months ago

Indeed the adblocker's "cosmetic filters" are hiding the Cookie heading. Not sure how that is happening, but clearly not a pkgsite bug :)

mvdan commented 10 months ago

For the sake of completeness, it turned out that one of the filter lists considered the heading a "cookie notice annoyance" :) Oh dear. Disabled.

mvdan commented 10 months ago

Previously: https://github.com/golang/go/issues/59901

For those running into this in the future, the culprit was EasyList - Cookie Notices, which I've disabled now. It appears to be too aggressive, thinking that the Cookie header/section must be a browser cookie notice.