net/http: allow zero-valued Expires in Cookie.Valid

The value of Expires is only checked when a value is set.

This fixes the bug that a cookie with a zero-valued Expire
was considered invalid, even though Expires is an optional
field.

Fixes #52989

Change-Id: I206c50e9b6ea2744a92c74673d589ce2aaa62670
Reviewed-on: https://go-review.googlesource.com/c/go/+/407654
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/net/http/cookie.go

@@ -247,7 +247,7 @@ func (c *Cookie) Valid() error {
 	if !isCookieNameValid(c.Name) {
 		return errors.New("http: invalid Cookie.Name")
 	}
-	if !validCookieExpires(c.Expires) {
+	if !c.Expires.IsZero() && !validCookieExpires(c.Expires) {
 		return errors.New("http: invalid Cookie.Expires")
 	}
 	for i := 0; i < len(c.Value); i++ {

src/net/http/cookie_test.go

@@ -542,11 +542,14 @@ func TestCookieValid(t *testing.T) {
 	}{
 		{nil, false},
 		{&Cookie{Name: ""}, false},
-		{&Cookie{Name: "invalid-expires"}, false},
 		{&Cookie{Name: "invalid-value", Value: "foo\"bar"}, false},
 		{&Cookie{Name: "invalid-path", Path: "/foo;bar/"}, false},
 		{&Cookie{Name: "invalid-domain", Domain: "example.com:80"}, false},
-		{&Cookie{Name: "valid", Value: "foo", Path: "/bar", Domain: "example.com", Expires: time.Unix(0, 0)}, true},
+		{&Cookie{Name: "invalid-expiry", Value: "", Expires: time.Date(1600, 1, 1, 1, 1, 1, 1, time.UTC)}, false},
+		{&Cookie{Name: "valid-empty"}, true},
+		{&Cookie{Name: "valid-expires", Value: "foo", Path: "/bar", Domain: "example.com", Expires: time.Unix(0, 0)}, true},
+		{&Cookie{Name: "valid-max-age", Value: "foo", Path: "/bar", Domain: "example.com", MaxAge: 60}, true},
+		{&Cookie{Name: "valid-all-fields", Value: "foo", Path: "/bar", Domain: "example.com", Expires: time.Unix(0, 0), MaxAge: 0}, true},
 	}
 
 	for _, tt := range tests {