-
Brad Fitzpatrick authored
This was originally done in https://codereview.appspot.com/5690059 (Feb 2012) to deal with bad response headers coming back from webcams, but it presents a potential security problem with HTTP request smuggling for request headers containing "Content Length" instead of "Content-Length". Part of overall HTTP hardening for request smuggling. See RFC 7230. Thanks to Régis Leroy for the report. Change-Id: I92b17fb637c9171c5774ea1437979ae2c17ca88a Reviewed-on: https://go-review.googlesource.com/11772Reviewed-by:
Russ Cox <rsc@golang.org> Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
117ddcb8
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| header.go | ||
| pipeline.go | ||
| reader.go | ||
| reader_test.go | ||
| textproto.go | ||
| writer.go | ||
| writer_test.go |