| Age | Commit message (Collapse) | Author |
|---|
|
Previously, writing responses with non-200 and non-404 status code
requires an allocation. Now that CL 762040 prevents header names and
values from escaping, we can modify writeFrame to not allocate status
codes on the heap.
Change-Id: I230bed1b83627c1fb389c0507106d8e16a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/762140
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
When processing SETTINGS frame, Transport currently only checks if the
frame is valid for SETTINGS_ENABLE_CONNECT_PROTOCOL. As a result, a
SETTINGS_MAX_FRAME_SIZE with the invalid value of 0 is erroneously
accepted. This will then result in Transport being stuck in an infinite
loop writing CONTINUATION frames.
This CL fixes the issue by ensuring that SETTINGS frame are always
validated, regardless of the SETTINGS parameter.
Thanks to Marwan Atia (marwansamir688@gmail.com) for reporting this
issue.
Fixes #78476
Fixes CVE-2026-33814
Change-Id: I8b6219431e87454d34bca738fbcb59b66a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/761581
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
The ClientRequest type (unlike http.Request) is not reusable
across RoundTrip attempts because it includes a single-use
clientStream. (It's possible for RoundTrip to return while
some goroutines are still accessing the clientStream.)
Always clone the ClientRequest on retries.
Fixes #78202
Fixes #78187
Change-Id: I4012bb4e017a9516278c873ec5a589086a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/761301
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
This test has been intermittently flaky. Exact cause isn't clear,
but switch it to use a fake network to eliminate local network
flakiness as a cause.
Fixes #78209
Fixes #78213
Fixes #78263
Change-Id: I481553107e8557fda0707069856bafcc6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/758063
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
RFC 7540 and random write schedulers are not accessible from std, and
are essentially dead code at this point.
Change-Id: Ib1e9e6e9ae7962b451bc36c0dad3c503f56dc1c0
Reviewed-on: https://go-review.googlesource.com/c/go/+/757380
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This CL is mostly generated by running go fix. Manual edits have also been
selectively done to modernize the package where doing so is straightforward; for
example, using slices.Contains in lieu of strSliceContains.
Change-Id: Ie2942481672c56c370e2df0f172cf3e480a12bc5
Reviewed-on: https://go-review.googlesource.com/c/go/+/757220
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This test contains a race condition in the server handler:
inHandler <- streamID
<-leaveHandler
We assume that all requests queue reading from leaveHandler in order,
but it is possible for the second request (stream id 3) to arrive at
leaveHandler before the first (stream id 1).
We could fix the race with a judicious synctest.Wait, but rewrite
the test to use serverHandlerCall to manipulate server handlers,
which permits us to precisely pick which request to unblock.
Fixes #78117
Change-Id: Icd393c81e019a0b5176976a6b50145a26a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/755320
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Drop a number of low-level benchmarks which use internal test APIs
that now use synctest. Synctest and benchmarks don't really mix;
we don't necessarily expect bubbled code to perform in the same
fashion as unbubbled code.
Fixes #78114
Change-Id: I23f0a5d296ffeabc836f3865e08778eb6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/754940
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Rework net/http/internal/http2 to use internally-defined types
rather than net/http types (to avoid an import cycle).
Remove h2_bundle.go, and replace it with calls into
net/http/internal/http2 instead.
For #67810
Change-Id: I56a1b28dbd0e302ab15a30f819dd46256a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751304
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
Rewrote this test to use newTestClientConn, discovered that the assertion
that it's supposed to make (if a write to a conn fails, the conn is closed)
doesn't hold for all writes.
Skip the amended test for now.
For #67810
Change-Id: I1b696afcd2ba86ed631ee5f32c48b2366a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/753842
Reviewed-by: Mark Freeman <markfreeman@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fake connections have an option to "autowait", where the connection
calls synctest.Wait before a read or after a write.
This causes some confusing problems in cases when a connection
might be used elsewhere than the main test goroutine, possibly
resulting in two synctest.Wait calls at the same time.
Drop the autowait feature, and add some more explicit Waits
as required.
For #67810
Change-Id: I3ba96b2af3b3a2f171c44bfe47be1d7f6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/753841
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
After encountering a write error on a server's connection,
remember the error and reuse it for future writes.
Fixes a rare flakiness in TestServerWriteByteTimeout,
where we can sometimes attempt to flush the write buffer
after encountering a write timeout.
Change-Id: I01649ae41185d6109180e222d4e8f8426a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/753720
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
UpgradeRequest is used by the x/net/http2/h2c package for
upgrading HTTP/1.1 requests to unencrypted HTTP/2.
net/http only supports unencrypted HTTP/2 "with prior knowledge",
not upgrade.
Drop the field.
For #67810
Change-Id: Iae48386e2e299dbf3b433954b87b6eb86a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/753320
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
The http2 package needs access to DetectContentType,
so move it into a common location.
For #67810
Change-Id: Ibff3d57a4931106c2f69c5717c06bd5f6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751701
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Ping is no longer a public API.
For #67810
Change-Id: I7df19d443634ada23cf4137b96cb25676a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751311
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
ConfigureTransport is no longer a public API.
For #67810
Change-Id: I8dae19bc0635c77bafa202841ef468356a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751310
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
This test exercises dials in the client connection pool inside
http2.Transport, but in the merged-into-std world dials are
always handled by the net/http.Transport.
For #67810
Change-Id: Ic047ec3628c48116f1eda3c145bf5a566a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751309
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
|
|
This test exercises the h2c upgrade path, where a client sends
an HTTP/1 requests and receives an HTTP/2 response.
We don't support this path any more, so drop the test.
For #67810
Change-Id: Ib100c3afb18a98f613c19023cb2d5a026a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751308
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
This test exercises the ability to provide a non-*tls.Conn to
the HTTP/2 server. This is not currently supported by
net/http.Server (although it would be nice to have),
so drop the test.
For #67810
Change-Id: Ica5b0bcceddbb75dcc2b4d5f69fad8676a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751307
Reviewed-by: Nicholas Husin <nsh@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
|
|
Replace older test infrastructure with the new shiny.
Simplifies keeping this test post merge into std.
For #67810
Change-Id: Idd876af67265ae8b6ab5b82f9ac376d26a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751306
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
ServeConn is no longer a public API, so there is no need
to test this path.
For #67810
Change-Id: I2f740ebf95777d5d44ea26f27aa812f46a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751305
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Update http2 tests to use a net/http Transport or Server where
possible, rather than the http2 versions of these types.
This changes tests which exercised configuring the http2
package types to now exercise the net/http configuration path.
For example, tests which set http2.Transport.DisableCompression
will now set http.Transport.DisableCompression. We don't care
about the old http2-internal configuration paths, since they
aren't accessible to users.
For #67810
Change-Id: I942c6812321fbd24c94b8aa7215dc60d6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751302
Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Remove the "//go:build ignore" lines from the initial import
and make the minimal changes required for tests to pass in
the new package location.
For #67810
Change-Id: I243f4d4a2e269266786a22a7eb8fb17d6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751700
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
This copies the contents of golang.org/x/net/http2 at
38019a2dbc2645a4c06a1e983681eefb041171c8
into net/http/internal/http2.
Files which are not built at go1.27 (e.g., config_go125.go)
are not included.
A "//go:build ignore" comment has been added to each file.
For #67810
Change-Id: If3e52767eea31adf4e2fdcff0dfa67e46a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/751300
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <nsh@golang.org>
|
|
This CL does the following:
1. Bundles up golang.org/x/net/internal/httpsfv since h2_bundle.go now
relies on it.
2. Modifies h2_bundle.go import mapping to account for httpsfv package.
3. Updates all vendored dependencies using
golang.org/x/build/cmd/updatestd.
For #75500
Change-Id: Ia2f41ad606092fe20b62f946266190502b146977
Reviewed-on: https://go-review.googlesource.com/c/go/+/738621
Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
http2inTests is no longer needed after go.dev/cl/708135 and should be
deleted. To prevent errors in future vendored dependency updates,
h2_bundle.go is also updated together in this change.
Change-Id: I7b8c3f6854203fab4ec639a2a268df0cd2b1dee7
Reviewed-on: https://go-review.googlesource.com/c/go/+/708595
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
For #71984
Change-Id: Ic15826f09ea818f8833bd3d979bffaede24d49df
Reviewed-on: https://go-review.googlesource.com/c/go/+/654717
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Junyang Shao <shaojunyang@google.com>
|
|
Unlike request headers, where we are allowed to leniently accept
a bare LF in place of a CRLF, chunked bodies must always use CRLF
line terminators. We were already enforcing this for chunk-data lines;
do so for chunk-size lines as well. Also reject bare CRs anywhere
other than as part of the CRLF terminator.
Fixes CVE-2025-22871
Fixes #71988
Change-Id: Ib0e21af5a8ba28c2a1ca52b72af8e2265ec79e4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/652998
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
The golang.org/x/net/internal/httpcommon package is
a new package containing internal functions common to the
HTTP/2 and HTTP/3 implementations.
Update to golang.org/x/net@v0.35.1-0.20250213222735-884432780bfd,
which includes the httpcommon package.
Since net/http can't depend on a x/net/internal package,
add net/http/internal/httpcommon which bundles the x/net
package.
Change-Id: Iba6c4be7b3e2d9a9d79c4b5153497b0e04b4497b
Reviewed-on: https://go-review.googlesource.com/c/go/+/649296
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
|
When an HTTP redirect changes the host of a request, we drop
sensitive headers such as Authorization from the redirected request.
Fix a bug where a chain of redirects could result in sensitive
headers being sent to the wrong host:
1. request to a.tld with Authorization header
2. a.tld redirects to b.tld
3. request to b.tld with no Authorization header
4. b.tld redirects to b.tld
3. request to b.tld with Authorization header restored
Thanks to Kyle Seely for reporting this issue.
For #70530
Fixes CVE-2024-45336
Change-Id: Ia58a2e10d33d6b0cc7220935e771450e5c34de72
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1641
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/643095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
|
|
Change-Id: Ib7c4baf0247c421954aedabfbb6a6af8a08a8936
Reviewed-on: https://go-review.googlesource.com/c/go/+/540021
Reviewed-by: Damien Neil <dneil@google.com>
Run-TryBot: shuang cui <imcusg@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Fixes #64517
Change-Id: I78b8a6a83301deee05c3ff052a6adcd1f965aef2
Reviewed-on: https://go-review.googlesource.com/c/go/+/553835
Auto-Submit: Damien Neil <dneil@google.com>
Commit-Queue: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
|
|
The chunked transfer encoding adds some overhead to
the content transferred. When writing one byte per
chunk, for example, there are five bytes of overhead
per byte of data transferred: "1\r\nX\r\n" to send "X".
Chunks may include "chunk extensions",
which we skip over and do not use.
For example: "1;chunk extension here\r\nX\r\n".
A malicious sender can use chunk extensions to add
about 4k of overhead per byte of data.
(The maximum chunk header line size we will accept.)
Track the amount of overhead read in chunked data,
and produce an error if it seems excessive.
Fixes #64433
Fixes CVE-2023-39326
Change-Id: I40f8d70eb6f9575fb43f506eb19132ccedafcf39
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2076135
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/547335
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
[This CL is part of a sequence implementing the proposal #51082.
The design doc is at https://go.dev/s/godocfmt-design.]
Run the updated gofmt, which reformats doc comments,
on the main repository. Vendored files are excluded.
For #51082.
Change-Id: I7332f099b60f716295fb34719c98c04eb1a85407
Reviewed-on: https://go-review.googlesource.com/c/go/+/384268
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
Upgrade the test certificate from RSA 1024 (not FIPS-approved)
to RSA 2048 (FIPS-approved), allowing tests to pass when
the dev.boringcrypto branch FIPS-only mode is enabled.
Fixes #48674.
Change-Id: I613d2f8d0207bf3683fd0df256bf0167604996c5
Reviewed-on: https://go-review.googlesource.com/c/go/+/353869
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
Fixes #48861
Change-Id: I3f55bfbdc4f2cf5b33d1ab2d76e01335bb497c6f
GitHub-Last-Rev: 0ecd790b87ddd31d0cf08e8f2726f918a2edd1fb
GitHub-Pull-Request: golang/go#48903
Reviewed-on: https://go-review.googlesource.com/c/go/+/355029
Trust: Damien Neil <dneil@google.com>
Trust: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
Many uses of Index/IndexByte/IndexRune/Split/SplitN
can be written more clearly using the new Cut functions.
Do that. Also rewrite to other functions if that's clearer.
For #46336.
Change-Id: I68d024716ace41a57a8bf74455c62279bde0f448
Reviewed-on: https://go-review.googlesource.com/c/go/+/351711
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
The net/http/internal package contains a PEM-encoded private key used in
tests. This key is initialized at init time, which prevents it from
being stripped by the linker in non-test binaries.
Move the certificate and key to a new net/http/internal/testcert
package to ensure it is only included in binaries that reference it.
Fixes #46677.
Change-Id: Ie98bda529169314cc791063e7ce4d99ef99113c8
Reviewed-on: https://go-review.googlesource.com/c/go/+/326771
Trust: Damien Neil <dneil@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
|
|
The current implementation uses UTF-aware functions
like strings.EqualFold and strings.ToLower.
This could, in some cases, cause http smuggling.
Change-Id: I0e76a993470a1e1b1b472f4b2859ea0a2b22ada0
Reviewed-on: https://go-review.googlesource.com/c/go/+/308009
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roberto Clapis <roberto@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
The old ioutil references are still valid, but update our code
to reflect best practices and get used to the new locations.
Code compiled with the bootstrap toolchain
(cmd/asm, cmd/dist, cmd/compile, debug/elf)
must remain Go 1.4-compatible and is excluded.
Also excluded vendored code.
For #41190.
Change-Id: I6d86f2bf7bc37a9d904b6cee3fe0c7af6d94d5b1
Reviewed-on: https://go-review.googlesource.com/c/go/+/263142
Trust: Russ Cox <rsc@golang.org>
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
|
|
Gerrit is complaining about pushes that affect these files
and forcing people to use -o nokeycheck, which defeats
the point of the check. Hide the keys from this kind of scan
by marking them explicitly as testing keys.
This is a little annoying but better than training everyone
who ever edits one of these test files to reflexively override
the Gerrit check.
The only remaining keys explicitly marked as private instead
of testing are in examples, and there's not much to do
about those. Hopefully they are not edited as much.
Change-Id: I4431592b5266cb39fe6a80b40e742d97da803a0b
Reviewed-on: https://go-review.googlesource.com/c/go/+/178178
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
Change-Id: I0f76b40dbfda2d382c88aec377db1851c4ac7441
Change-Id: I0f76b40dbfda2d382c88aec377db1851c4ac7441
GitHub-Last-Rev: ab42559278d8cba9e025b431a459d117500a73da
GitHub-Pull-Request: golang/go#26410
Reviewed-on: https://go-review.googlesource.com/124255
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
|
|
This reverts commit 08f19bbde1b01227fdc2fa2d326e4029bb74dd96.
Reason for revert:
The changed transformation takes effect on a larger set
of code snippets than expected.
For example, this:
func foo() {
// Comment
bar()
}
becomes:
func foo() {
// Comment
bar()
}
This is an unintended consequence.
Change-Id: Ifca88d6267dab8a8170791f7205124712bf8ace8
Reviewed-on: https://go-review.googlesource.com/81335
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Joe Tsai <joetsai@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
To improve readability when exported fields are removed,
forbid the printer from emitting an empty line before the first comment
in a const, var, or type block.
Also, when printing the "Has filtered or unexported fields." message,
add an empty line before it to separate the message from the struct
or interfact contents.
Before the change:
<<<
type NamedArg struct {
// Name is the name of the parameter placeholder.
//
// If empty, the ordinal position in the argument list will be
// used.
//
// Name must omit any symbol prefix.
Name string
// Value is the value of the parameter.
// It may be assigned the same value types as the query
// arguments.
Value interface{}
// contains filtered or unexported fields
}
>>>
After the change:
<<<
type NamedArg struct {
// Name is the name of the parameter placeholder.
//
// If empty, the ordinal position in the argument list will be
// used.
//
// Name must omit any symbol prefix.
Name string
// Value is the value of the parameter.
// It may be assigned the same value types as the query
// arguments.
Value interface{}
// contains filtered or unexported fields
}
>>>
Fixes #18264
Change-Id: I9fe17ca39cf92fcdfea55064bd2eaa784ce48c88
Reviewed-on: https://go-review.googlesource.com/71990
Run-TryBot: Joe Tsai <thebrokentoaster@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Fixes #17355
Change-Id: I5390979cd0081b61a639466377faa46b4221b74a
Reviewed-on: https://go-review.googlesource.com/31329
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
CL/19862 (f79b50b8d5bc159561c1dcf7c17e2a0db96a9a11) recently introduced the constants
SeekStart, SeekCurrent, and SeekEnd to the io package. We should use these constants
consistently throughout the code base.
Updates #15269
Change-Id: If7fcaca7676e4a51f588528f5ced28220d9639a2
Reviewed-on: https://go-review.googlesource.com/22097
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Joe Tsai <joetsai@digital-static.net>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
Thanks to Régis Leroy for noticing.
Change-Id: I5ca2402efddab4e63d884a9d315fc1394e514cb7
Reviewed-on: https://go-review.googlesource.com/18871
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
Fixes #13135
Change-Id: I45666f32cd91102211bf01a306edcb10deb65187
Reviewed-on: https://go-review.googlesource.com/16680
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
|
|
Change-Id: Icf9b6802945051aa484fb9ebcce71704f5655474
Reviewed-on: https://go-review.googlesource.com/16630
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
|
The Transport's writer to the remote server is wrapped in a
bufio.Writer to suppress many small writes while writing headers and
trailers. However, when writing the request body, the buffering may get
in the way if the request body is arriving slowly.
Because the io.Copy from the Request.Body to the writer is already
buffered, the outer bufio.Writer is unnecessary and prevents small
Request.Body.Reads from going to the server right away. (and the
io.Reader contract does say to return when you've got something,
instead of blocking waiting for more). After the body is finished, the
Transport's bufio.Writer is still used for any trailers following.
A previous attempted fix for this made the chunk writer always flush
if the underlying type was a bufio.Writer, but that is not quite
correct. This CL instead makes it opt-in by using a private sentinel
type (wrapping a *bufio.Writer) to the chunk writer that requests
Flushes after each chunk body (the chunk header & chunk body are still
buffered together into one write).
Fixes #6574
Change-Id: Icefcdf17130c9e285c80b69af295bfd3e72c3a70
Reviewed-on: https://go-review.googlesource.com/10021
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
|
