• Brad Fitzpatrick's avatar
    net/http: validate transmitted header fields · 0026cb78
    Brad Fitzpatrick authored
    This makes sure the net/http package never attempts to transmit a
    bogus header field key or value and instead fails fast with an error
    to the user, rather than relying on the server to maybe return an
    error.
    
    It's still possible to use x/net/http2.Transport directly to send
    bogus stuff. This change only stops h1 & h2 usage via the net/http
    package. A future change will update x/net/http2.
    
    This change also moves some code from request.go to lex.go, which in a
    separate future change should be moved so it can be shared with http2
    to reduce code bloat.
    
    Updates #14048
    
    Change-Id: I0a44ae1ab357fbfcbe037aa4b5d50669a87f2856
    Reviewed-on: https://go-review.googlesource.com/21326Reviewed-by: 's avatarAndrew Gerrand <adg@golang.org>
    Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
    TryBot-Result: Gobot Gobot <gobot@golang.org>
    0026cb78
Name
Last commit
Last update
.github Loading commit data...
api Loading commit data...
doc Loading commit data...
lib/time Loading commit data...
misc Loading commit data...
src Loading commit data...
test Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
AUTHORS Loading commit data...
CONTRIBUTING.md Loading commit data...
CONTRIBUTORS Loading commit data...
LICENSE Loading commit data...
PATENTS Loading commit data...
README.md Loading commit data...
favicon.ico Loading commit data...
robots.txt Loading commit data...