• Ben Burkert's avatar
    net/http: ignore response body when forbidden by status code · 2da8a16c
    Ben Burkert authored
    A 1XX, 204, or 304 response may not include a response body according
    to RFC 7230, section 3.3.3. If a buggy server returns a 204 or 304
    response with a body that is chunked encoded, the invalid body is
    currently made readable in the Response. This can lead to data races due
    to the transport connection's read loop which does not wait for the body
    EOF when the response status is 204 or 304.
    
    The correct behavior is to ignore the body on a 204 or 304 response, and
    treat the body data as the beginning of the next request on the
    connection.
    
    Updates #22330.
    
    Change-Id: I89a457ceb783b6f66136d5bf9be0a9b0a04fa955
    Reviewed-on: https://go-review.googlesource.com/71910Reviewed-by: 's avatarTom Bergan <tombergan@google.com>
    Reviewed-by: 's avatarBrad Fitzpatrick <bradfitz@golang.org>
    Run-TryBot: Tom Bergan <tombergan@google.com>
    2da8a16c
transfer.go 27.2 KB