Cherry pick of CL 130855, done manually to avoid a merge conflict on the test.
Fixes#27085
Change-Id: I7c4939cf5db23253a824c46c3f00fab4edec86b4
Reviewed-on: https://go-review.googlesource.com/c/146797
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Since that method uses `mux.m`, we need to lock the mutex to avoid data races.
Fixes#27129
Change-Id: I998448a6e482b5d6a1b24f3354bb824906e23172
Reviewed-on: https://go-review.googlesource.com/95775
Reviewed-by: Andrew Bonventre <andybons@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
A very small number of old browsers consider content as HTML
even when it is explicitly stated in the Content-Type header
that it is not. If content served is based on user-supplied
input, then an XSS is possible. Introduce three mitigations:
+ Don't reflect user input in error strings
+ Set a Content-Disposition header when requesting a resource
that should never be displayed in a browser window
+ Set X-Content-Type-Options: nosniff on all responses
Change-Id: I81c9d6736e0439ebd1db99cd7fb701cc56d24805
Reviewed-on: https://go-review.googlesource.com/102318
Run-TryBot: Andrew Bonventre <andybons@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/103218
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Handlers can be registered for specific hosts by specifying the host as
part of the mux pattern. If a trailing slash route is registered for
these host-based patterns, shouldRedirect should indicate that
a redirect is required.
This change modifies shouldRedirect to also take the host of the
request, and now considers host-based patterns while determining if
a request should be redirected.
Fixes#23183
Change-Id: If8753e130d5d877acdc55344833e3b289bbed2b4
Reviewed-on: https://go-review.googlesource.com/84695
Reviewed-by: Kunpei Sakai <namusyaka@gmail.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Tom Bergan <tombergan@google.com>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
The net/http Transport was testing for a sentinel x/net/http2 error
value with ==, which meant it was only testing the bundled version. If
a user enabled http2 via golang.org/x/net/http2, the error value had a
different name.
This also updates the bundled x/net/http2 to git rev ab555f36 for:
http2: add internal function isNoCachedConnError to test for ErrNoCachedConn
https://golang.org/cl/87297Fixes#22091
Change-Id: I3fb85e2b7ba7d145dd66767e1795a56de633958c
Reviewed-on: https://go-review.googlesource.com/87298
Reviewed-by: Tom Bergan <tombergan@google.com>
Also vendors x/net/http git rev 42fe2e1c for:
http2: don't check WriteHeader status if we've already sent the header
https://golang.org/cl/86255Fixes#23010
Change-Id: I4f3dd63acb52d5a34a0350aaf847a7a376d6968f
Reviewed-on: https://go-review.googlesource.com/86275
Reviewed-by: Ian Lance Taylor <iant@golang.org>
The docs were too specific. Make it vaguer. There are conditions for
which the Transport will try to reuse a connection anyway, even if the
Response Body isn't read to EOF or closed, but we don't need to get
into all the details in the docs.
Fixes#22954
Change-Id: I3b8ae32aeb1a61b396d0026e129552afbfecceec
Reviewed-on: https://go-review.googlesource.com/86276
Reviewed-by: Ian Lance Taylor <iant@golang.org>
I don't know why these errors occur. Ignore them to avoid breaking the
build.
Updates #22019
Change-Id: Ia048e6d9b928e8e237b311ff3a364e7a23af4aa4
Reviewed-on: https://go-review.googlesource.com/86000
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
We retrieve an error using getsockopt with SO_ERROR. We were reporting
the error as coming from "getsockopt", but really it is coming from
"connect". It is not getsockopt that failed.
Fixes#19302
Change-Id: I510ab76e4b04c70cd9dfdfc46d9a410bf653d017
Reviewed-on: https://go-review.googlesource.com/85997
Run-TryBot: Ian Lance Taylor <iant@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Modify the regex in TestLinuxSendfile to not match the parameters of
the syscall, just its name and the opening parenthesis. This is enough
to recognize that the syscall was invoked.
This fixes the TestLinuxSendfile test when running in Clear Linux,
where strace always execute with -yy implied, having output with extra
information in the parameters:
[pid 5336] sendfile(6<TCP:[127.0.0.1:35007->127.0.0.1:55170]>, 8</home/c/src/go/src/net/http/testdata/index.html>, NULL, 22) = 22
Change-Id: If7639b785d5fdf65fae8e6149a97a57b06ea981c
Reviewed-on: https://go-review.googlesource.com/85657
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
this solution as it stands doesn't work with
non-english device names (golang/go#23191 (which has a fix))
and names some devices differently (golang/go#23153) probably due to the
fact that this test previously only ran on Server 2008.
Re-opens golang/go#20073
Change-Id: I5c36774ddd85ac07620b4015372d564acbb169ad
Reviewed-on: https://go-review.googlesource.com/85315
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
Parts of TestUDPConnSpecificMethods and TestWriteToUDP fail, because
UDPConn.WriteMsgUDP is broken on Windows XP. UDPConn.WriteMsgUDP uses
Windows WSASendMsg API, but that call is not implemented on Windows XP (see
https://msdn.microsoft.com/en-us/library/windows/desktop/ms741692(v=vs.85).aspx
for details)
Update #23072
Change-Id: I4e8f149bc62bd87cd7c199e6832b9ce479af0a3e
Reviewed-on: https://go-review.googlesource.com/83077
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This essentially applies https://golang.org/cl/81636 to the net package.
The full truth seems too complicated to write in this method's doc, so
I'm going with a simple half truth.
The full truth is that File returns the descriptor in blocking mode,
because that is historically how it worked, and existing programs
would be surprised if the descriptor is suddenly non-blocking. On Unix
systems whether a socket is non-blocking or not is a property of the
underlying file description, not of a particular file descriptor, so
changing the returned descriptor to blocking mode also changes the
existing socket to blocking mode. Blocking mode works fine, althoug I/O
operations now take up a thread. SetDeadline and friends rely on the
runtime poller, and the runtime poller only works if the descriptor is
non-blocking. So it's correct that calling File disables SetDeadline.
The other half of the truth is that if the program is willing to work
with a non-blocking descriptor, it could call
syscall.SetNonblock(f.Fd(), true) to change the descriptor, and
the original socket, to non-blocking mode. At that point SetDeadline
would start working again. I tried to write that in a way that is
short and comprehensible but failed. Since we now have the RawConn
approach to frobbing the descriptor, and hopefully most people can use
that rather than calling File, I decided to punt.
Updates #22934Fixes#21862
Change-Id: If269da762f6f5a88c334e7b6d6f3998f7e10b11e
Reviewed-on: https://go-review.googlesource.com/82915
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This test has been getting occasional timeouts on the race builder.
The point of the test is whether a file descriptor leaks, not whether
the connection occurs in a certain amount of time. So use a very large
timeout. The connection is normally fast and the timeout doesn't matter.
Updates #13324
Change-Id: Ie1051c4a0be1fca4e63b1277101770be0cdae512
Reviewed-on: https://go-review.googlesource.com/82916
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The DNS code can start goroutines and not wait for them to complete.
This does no harm, but in tests this can cause a race condition with
the test hooks that are installed and unintalled around the tests.
Add a WaitGroup that tests of DNS can use to avoid the race.
Fixes#21090
Change-Id: I6c1443a9c2378e8b89d0ab1d6390c0e3e726b0ce
Reviewed-on: https://go-review.googlesource.com/82795
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
I can reproduce with a very short timeout (fractions of a millisecond)
combined with -race.
But given that this is inherently sensitive to actual time, add a
testing mechanism to retry with increasingly large times to compensate
for busy buidlers. This also means the test is usually faster now,
too, since we can start with smaller durations.
Fixes#19608
Change-Id: I3a222464720195849da768e9801eb7b43baa4aeb
Reviewed-on: https://go-review.googlesource.com/82595
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
They do not convert a plural into a singular.
(Introduced recently, in CL 77050.)
Change-Id: I3b6c4d03b1866d4133e90b8ab05e8d4bfbd55125
Reviewed-on: https://go-review.googlesource.com/82078
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Historically, DetectContentType has returned "text/plain; charset=utf-8"
for an empty body, there was a test for this, and there should continue
to be one.
CL 46631 changed the content-serving handlers to avoid setting any
Content-Type header when serving empty content. Even if that change
in behavior is correct, the CL is explicitly not changing DetectContentType,
so it must also not change DetectContentType's tests.
Change-Id: I7a19c9fabb43be47e349b40e729e49fceb3f2894
Reviewed-on: https://go-review.googlesource.com/82077
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
The previous implementation of net.Pipe was just a thin wrapper around
io.Pipe and did not wrap any of the io.Pipe errors as net.Errors.
As a result of Hyrum's law, users have come to depend on the fact that
net.Pipe returns io.ErrClosedPipe when the pipe is closed.
Thus, we preserve this behavior to avoid regressing such use cases.
Change-Id: I06b387877b944c1c08527601f58983872b7557b4
Reviewed-on: https://go-review.googlesource.com/81777
Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
That Parse doesn't parse ("foo.com/path" or "foo.com:443/path") has
become something of a FAQ.
Updates #19779
Updates #21415
Updates #22955
Change-Id: Ib68efddb67f59b1374e8ed94effd4a326988dee7
Reviewed-on: https://go-review.googlesource.com/81436
Reviewed-by: Ian Lance Taylor <iant@golang.org>
This reverts commit 08f19bbde1.
Reason for revert:
The changed transformation takes effect on a larger set
of code snippets than expected.
For example, this:
func foo() {
// Comment
bar()
}
becomes:
func foo() {
// Comment
bar()
}
This is an unintended consequence.
Change-Id: Ifca88d6267dab8a8170791f7205124712bf8ace8
Reviewed-on: https://go-review.googlesource.com/81335
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Joe Tsai <joetsai@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
If there are no more requests being made, wait to shut down
the response-writing codec until the pending requests are all
answered.
Fixes#17239.
Change-Id: Ie62c63ada536171df4e70b73c95f98f778069972
Reviewed-on: https://go-review.googlesource.com/79515
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Rob Pike <r@golang.org>
This change drops the support for FreeBSD 9 or below and simplifies
platform-dependent code for the sake of maintenance.
Updates #7187.
Fixes#11412.
Updates #16064.
Updates #18854.
Fixes#19072.
Change-Id: I9129130aafbfc7d0d7e9b674b6fc6cb31b7381be
Reviewed-on: https://go-review.googlesource.com/64910
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Apparently 4 kB is not enough for some people.
Fixes#21674.
Change-Id: If39eeb225d548b578560939f6ce51e31060f5aff
Reviewed-on: https://go-review.googlesource.com/79516
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Panic if an http Handler does:
rw.WriteHeader(0)
... or other invalid values. (for a forgiving range of valid)
I previously made it kinda work in https://golang.org/cl/19130 but
there's no good way to fake it in HTTP/2, and we want HTTP/1 and
HTTP/2 behavior to be the same, regardless of what programs do.
Currently HTTP/2 omitted the :status header altogether, which was a
protocol violation. In fixing that, I found CL 19130 added a test
about bogus WriteHeader values with the comment:
// This might change at some point, but not yet in Go 1.6.
This now changes. Time to be strict.
Updates golang/go#228800
Change-Id: I20eb6c0e514a31f4bba305ac4c24266f39b95fd5
Reviewed-on: https://go-review.googlesource.com/80077
Reviewed-by: Tom Bergan <tombergan@google.com>
Previously, golang.org/cl/75350 updated ReadMIMEHeader to ignore the
first header line when it begins with a leading space, as in the
following example:
GET / HTTP/1.1
Host: foo.com
Accept-Encoding: gzip
However, golang.org/cl/75350 changed ReadMIMEHeader's behavior for the
following example: before the CL it returned an error, but after the
CL it ignored the first line.
GET / HTTP/1.1
Host foo.com
Accept-Encoding: gzip
This change updates ReadMIMEHeader to always fail when the first header
line starts with a space. During the discussion for golang.org/cl/75350,
we realized we had three competing needs:
1. HTTP clients should accept malformed response headers when possible
(ignoring the malformed lines).
2. HTTP servers should reject all malformed request headers.
3. The net/textproto package is used by multiple protocols (most notably,
HTTP and SMTP) which have slightly different parsing semantics. This
complicates changes to net/textproto.
We weren't sure how to best fix net/textproto without an API change, but
it is too late for API changes in Go 1.10. We decided to ignore initial
lines that begin with spaces, thinking that would have the least impact on
existing users -- malformed headers would continue to parse, but the
initial lines would be ignored. Instead, golang.org/cl/75350 actually
changed ReadMIMEHeader to succeed in cases where it previously failed
(as in the above example).
Reconsidering the above two examples, there does not seem to be a good
argument to silently ignore ` Host: foo.com` but fail on ` Host foo.com`.
Hence, this change fails for *all* headers where the initial line begins
with a space.
Updates #22464
Change-Id: I68d3d190489c350b0bc1549735bf6593fe11a94c
Reviewed-on: https://go-review.googlesource.com/80055
Run-TryBot: Tom Bergan <tombergan@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
It appears that TransmitFile Windows API does not work with Windows
pipes. So just copy data from pipe and into TCP connection manually.
Fixes#22278
Change-Id: I4810caca5345eac5bffb3176956689b8ae993256
Reviewed-on: https://go-review.googlesource.com/79775
Run-TryBot: Alex Brainman <alex.brainman@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
CL 79555 added TestLookupLongTXT. However, this test is
failing on Plan 9, because the DNS resolver (ndb/dns)
only returns a single TXT record.
Updates #22857.
Change-Id: I33cdc63a3d3de4d1c7f2684934316c44992fb9e2
Reviewed-on: https://go-review.googlesource.com/79695
Run-TryBot: David du Colombier <0intro@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Ian Lance Taylor
Damien Mathieu
Andrew Bonventre
Mikio Hara
Kunpei Sakai
Terin Stock
Brad Fitzpatrick
Caio Marcelo de Oliveira Filho
Jeff Johnson
Alex Brainman
Joe Kyo
Artyom Pervukhin
Russ Cox
Joe Tsai
Tim Heckman
Joe Tsai
Tom Bergan
David du Colombier