| Age | Commit message (Collapse) | Author |
|---|
|
The existing js/wasm implementation of RoundTrip calls abort() on the
fetch() call when the context is canceled but does not wait for for the
resulting promise to be rejected. The result is the failure callback for the
promise will be called at some later point in time when the promise
rejection is handled. In some case this callback may be called after the Go
program has exited resulting in "Go program has already exited" errors.
Fixes #57098
Change-Id: Ia37fd22cb9f667dbb0805ff5db0ceb8fdba7246b
Reviewed-on: https://go-review.googlesource.com/c/go/+/680937
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Rather than repeatedly creating error values on
CrossOriginProtection.Check's unhappy paths, return non-exported and
effectively constant error variables.
For #73626.
Change-Id: Ibaa036c29417071b3601b8d200ab0902359d1bb9
GitHub-Last-Rev: e704d63cd63665845d544796e802134ea608e217
GitHub-Pull-Request: golang/go#74251
Reviewed-on: https://go-review.googlesource.com/c/go/+/681178
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: qiu laidongfeng2 <2645477756@qq.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
Currently, CrossOriginProtection must be constructed by
NewCrossOriginProtection. If you try to use the zero value, most
methods will panic with a nil dereference.
This CL makes CrossOriginProtection use on-demand initialization
instead, so the zero value has the same semantics as the value
currently returned by NewCrossOriginProtection. Now,
NewCrossOriginProtection just constructs the zero value.
We keep NewCrossOriginProtection by analogy to NewServeMux.
Updates #73626
Fixes #74089.
Change-Id: Ia80183eb6bfdafb0e002271c0b25c2d6230a159a
Reviewed-on: https://go-review.googlesource.com/c/go/+/680396
Auto-Submit: Austin Clements <austin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
The Go 1.25 RC is due soon. This is the time to once again update all
golang.org/x/... module versions that contribute packages to the std and
cmd modules in the standard library to latest master versions.
For #36905.
[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master
cat << EOF | patch
diff --git a/src/cmd/go/testdata/script/test_json_build.txt b/src/cmd/go/testdata/script/test_json_build.txt
index df8863ae03..2a572ace72 100644
--- a/src/cmd/go/testdata/script/test_json_build.txt
+++ b/src/cmd/go/testdata/script/test_json_build.txt
@@ -56,7 +56,7 @@ stdout '"Action":"fail","Package":"m/cycle/p","Elapsed":.*,"FailedBuild":"m/cycl
! go test -json -o=$devnull ./veterror
stdout '"ImportPath":"m/veterror \[m/veterror.test\]","Action":"build-output","Output":"# m/veterror\\n"'
stdout '"ImportPath":"m/veterror \[m/veterror.test\]","Action":"build-output","Output":"# \[m/veterror\]\\n"'
-stdout '"ImportPath":"m/veterror \[m/veterror.test\]","Action":"build-output","Output":"veterror(/|\\\\)main_test.go:9:9: fmt.Printf format %s reads arg #1, but call has 0 args\\n"'
+stdout '"ImportPath":"m/veterror \[m/veterror.test\]","Action":"build-output","Output":"veterror(/|\\\\)main_test.go:9:21: fmt.Printf format %s reads arg #1, but call has 0 args\\n"'
stdout '"ImportPath":"m/veterror \[m/veterror.test\]","Action":"build-fail"'
stdout '"Action":"start","Package":"m/veterror"'
stdout '"Action":"output","Package":"m/veterror","Output":"FAIL\\tm/veterror \[build failed\]\\n"'
EOF
Change-Id: I6a8d35acdeab90c3bbd6395b8b1abb021673b5cb
Reviewed-on: https://go-review.googlesource.com/c/go/+/678556
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
Similarly to Authentication entries, Proxy-Authentication entries should be stripped to ensure sensitive information is not leaked on redirects outside of the original domain.
https://fetch.spec.whatwg.org/#authentication-entries
Thanks to Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.) for reporting this issue.
For #73816
Fixes CVE-2025-4673
Change-Id: Ied7b641f6531f1d340ccba3c636d3c30dd5547d9
Reviewed-on: https://go-review.googlesource.com/c/go/+/679257
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
Also, fix a minor typo in ServeMux.Handle and ServeMux.HandleFunc.
Change-Id: I6a6a46565719104cb8f2484daf0e39f35b55a078
Reviewed-on: https://go-review.googlesource.com/c/go/+/675835
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Use the non-experimental Test function.
As a bonus, this lets us drop the hacks we were doing to support
t.Cleanup inside bubbles.
Change-Id: I070624e1384494e9d5fcfee594cfbb7680c1beda
Reviewed-on: https://go-review.googlesource.com/c/go/+/675315
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
|
|
Fixes #73626
Change-Id: I6a6a4656862e7a38acb65c4815fb7a1e04896172
Reviewed-on: https://go-review.googlesource.com/c/go/+/674936
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
This enable http.RoundTripper implementation to retry POST request (let's
say after a 500) after a 307/308 redirect.
Fixes #73439
Change-Id: I4365ff58b012c7f0d60e0317a08c98b1d48f657e
Reviewed-on: https://go-review.googlesource.com/c/go/+/666735
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
Explain that ServeMux.Handler doesn't populate the request with
matches.
Fixes #69623.
Change-Id: If625b3f8e8f4e54b05e1d9a86e8c471045e77763
Reviewed-on: https://go-review.googlesource.com/c/go/+/674095
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Chressie Himpel <chressie@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
When a match involves a trailing-slash redirect, ServeMux.Handler now
returns the pattern that matched.
Fixes #73688.
Change-Id: I682d9cc9a3628bed8bf21139b98369ffa6c53792
Reviewed-on: https://go-review.googlesource.com/c/go/+/673815
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
A sentinel error http.ErrServerClosed is returned after Server.Shutdown
and Server.Close but it is not documented on the Server.Shutdown while
other methods such as Server.Serve are documented on it.
Change-Id: Id82886d9d6a1474a514d62e9169b35f3579a9eee
Reviewed-on: https://go-review.googlesource.com/c/go/+/671695
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Sean Liao <sean@liao.dev>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
|
|
This CL updates x/tools to 68e94bd and x/text to v0.24.0,
updates the vendor tree, and re-runs the bundle step for net/http.
Updates golang/go#28308
Change-Id: I4184f77547f535270ddc8e2ce6542377e3046ffd
Reviewed-on: https://go-review.googlesource.com/c/go/+/667597
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Auto-Submit: Alan Donovan <adonovan@google.com>
|
|
Improve scheme port lookup by replacing map with switch, reducing overhead and improving performance.
Change-Id: I45c790da15e237d5f32c50d342b3713b98fd2ffa
GitHub-Last-Rev: 4c02e4cabf181b365fbf2b722e3051625a289527
GitHub-Pull-Request: golang/go#73422
Reviewed-on: https://go-review.googlesource.com/c/go/+/666356
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
|
|
Change-Id: Ib4edae749ce8da433e992e08a90c9cf3d4357081
GitHub-Last-Rev: 19d87d12ab6b299b37e8907429f4dff52ab53745
GitHub-Pull-Request: golang/go#46102
Reviewed-on: https://go-review.googlesource.com/c/go/+/318690
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes #56104
Change-Id: I8fbbb00379e51323e2782144070cbcad650eb6f1
GitHub-Last-Rev: 62d7a8064e4f2173f0d8e02ed91a7e8de7f13fca
GitHub-Pull-Request: golang/go#56110
Reviewed-on: https://go-review.googlesource.com/c/go/+/440795
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
|
|
This test wasn't testing the HTTP/2 case, because it didn't
set NextProtos in the tls.Config.
Set "Connection: close" on requests to make sure each request
gets a new connection.
Change-Id: I1ef470e7433a602ce88da7bd7eeec502687ea857
Reviewed-on: https://go-review.googlesource.com/c/go/+/655676
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
|
|
Improve the initialization of the Value map in cloneMultipartForm by
utilizing the length of the File map to optimize memory allocation.
Change-Id: I97ba9e19b2718a75c270e6df21306f4c82656c71
GitHub-Last-Rev: a9683ba9a7cbb20213766fba8d9096b4f8591d86
GitHub-Pull-Request: golang/go#69943
Reviewed-on: https://go-review.googlesource.com/c/go/+/621235
Reviewed-by: Christian Ekrem <christianekrem@gmail.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: qiu laidongfeng2 <2645477756@qq.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
|
|
Previously, Hijack allocated a new write buffer and the existing
connection write buffer used an extra 4KiB of memory until the handler
finished and the "conn" was garbage collected. Now, hijack re-uses the
existing write buffer and re-attaches it to the raw connection to avoid
referencing the net/http "conn" after returning.
After a handler that hijacked exited, the "conn" reference in
"connReader" will now be unset. This allows all of the "conn",
"response" and "Request" to get garbage collected.
Overall, this is reducing the memory usage by 43% or 6.7KiB per hijacked
connection (see BenchmarkServerHijackMemoryUsage in an earlier revision
of the CL).
CloseNotify will continue to work _before_ the handler has exited
(i.e. while the "conn" is still referenced in "connReader"). This aligns
with the documentation of CloseNotifier:
> After the Handler has returned, there is no guarantee that the channel
> receives a value.
goos: linux
goarch: amd64
pkg: net/http
cpu: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
│ before │ after │
│ sec/op │ sec/op vs base │
ServerHijack-8 42.59µ ± 8% 39.47µ ± 16% ~ (p=0.481 n=10)
│ before │ after │
│ B/op │ B/op vs base │
ServerHijack-8 16.12Ki ± 0% 12.06Ki ± 0% -25.16% (p=0.000 n=10)
│ before │ after │
│ allocs/op │ allocs/op vs base │
ServerHijack-8 51.00 ± 0% 49.00 ± 0% -3.92% (p=0.000 n=10)
Change-Id: I20a37ee314ed0d47463a4657d712154e78e48138
GitHub-Last-Rev: 80f09dfa273035f53cdd72845e5c5fb129c3e230
GitHub-Pull-Request: golang/go#70756
Reviewed-on: https://go-review.googlesource.com/c/go/+/634855
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
|
|
If Transport is a non-nil interface pointing to a nil implementer,
then a panic inside of roundTrip further obsfucates the issue.
Change-Id: I47664b8e6185c5f56b5e529f49022484b5ea1d94
Reviewed-on: https://go-review.googlesource.com/c/go/+/661897
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Neal Patel <nealpatel@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
Some types are not linked.
This change adds a link to each type.
Change-Id: Id46fb64a74efb851ed76e4136f15e8fd9e445bb7
Reviewed-on: https://go-review.googlesource.com/c/go/+/663075
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes #30359
Change-Id: I5dfb2cd63c737959fd2f6a0dbf50ff8de18bb15d
Reviewed-on: https://go-review.googlesource.com/c/go/+/658535
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
CL 637939 changed ReverseProxy to report errors encountered when
copying data on an hijacked connection. This is generally not useful,
and when using the default error handler results in WriteHeader
being called on a hijacked connection.
While this is harmless with standard net/http ResponseWriter
implementations, it can confuse middleware layers.
Fixes #72954
Change-Id: I21f3d3d515e114dc5c298d7dbc3796c505d3c82f
Reviewed-on: https://go-review.googlesource.com/c/go/+/659255
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Fixes #50337
Change-Id: I898ff6352f46f0f9b540b053049c5116e2165827
Reviewed-on: https://go-review.googlesource.com/c/go/+/658536
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Avoids a race condition: If we set an onClose hook on a conn
created by a listener, then setting the hook can race with
the connection closing.
Change-Id: Ibadead3abbe4335d41f1e2cf84f4696fe98166b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/658655
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
|
|
For #4385
For #72745
Change-Id: Ibd54fc03467eb948001299001bb2e2529512a7c0
Reviewed-on: https://go-review.googlesource.com/c/go/+/656135
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
CL 637939 changed ReverseProxy's handling of hijacked connections:
After copying all data in one direction, it half-closes the outbound
connection rather than fully closing both.
Revert to the old behavior when the outbound connection does not support
CloseWrite, avoiding a case where one side of the proxied connection closes
but the other remains open.
Fixes #72140
Change-Id: Ic0cacaa6323290f89ba48fd6cae737e86045a435
Reviewed-on: https://go-review.googlesource.com/c/go/+/655595
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
|
|
This PR adds error handling in net/http toHTTPError to return a 404
instead of a 500 when net/http fs.Dir.Open throws the error http:
invalid or unsafe file path.
Fixes #72091
Change-Id: I7941c8fca5160a4a82732dc1d05b9b95eac84fbf
GitHub-Last-Rev: 04b5019dfb629820621f3776d6f22fd754171565
GitHub-Pull-Request: golang/go#72108
Reviewed-on: https://go-review.googlesource.com/c/go/+/654975
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
|
|
Clone the input slice before adjusting NextProtos
to add or remove "http/1.1" and "h2" entries,
so as not to modify a slice that the caller might be using.
(We clone the tls.Config that contains the slice, but
that's a shallow clone.)
Fixes #72100
Change-Id: I9f228b8fb6f6f2ca5023179ec114929c002dbda9
Reviewed-on: https://go-review.googlesource.com/c/go/+/654875
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
For #71984
Change-Id: Ic15826f09ea818f8833bd3d979bffaede24d49df
Reviewed-on: https://go-review.googlesource.com/c/go/+/654717
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Junyang Shao <shaojunyang@google.com>
|
|
TestReverseProxyWebSocketHalfTCP requires half closed connections,
which aren't supported on Plan 9.
For #35892
Fixes #72095
Change-Id: I64b458bc15ac3b8eda43dc871bf67ada32a59708
Reviewed-on: https://go-review.googlesource.com/c/go/+/654636
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: David du Colombier <0intro@gmail.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
|
|
Fixes #67031
Change-Id: I1d764afdc7e50d61007f5f71a674eb6872ce507a
GitHub-Last-Rev: 869535e843d2133fa5279297b002dd96725384e0
GitHub-Pull-Request: golang/go#71798
Reviewed-on: https://go-review.googlesource.com/c/go/+/650195
Auto-Submit: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
|
|
This CL propagates closing the write stream from either side of the
reverse proxy and ensures the proxy waits for both copy-to and the
copy-from the backend to complete.
The new unit test checks communication through the reverse proxy when
the backend or frontend closes either the read or write streams.
That closing the write stream is propagated through the proxy from
either the backend or the frontend. That closing the read stream is
not propagated through the proxy.
Fixes #35892
Change-Id: I83ce377df66a0f17b9ba2b53caf9e4991a95f6a0
Reviewed-on: https://go-review.googlesource.com/c/go/+/637939
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Auto-Submit: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Matej Kramny <matejkramny@gmail.com>
|
|
The root cause of issue #65802 is a small race condition that occurs between
two events:
1. During the HTTP server shutdown, a connection in an idle state is identified
and closed.
2. The connection, although idle, has just finished reading a complete request
before being closed and hasn't yet updated its state to active.
In this scenario, despite the connection being closed, the request continues to
be processed. This not only wastes server resources but also prevents the
client request from being retried.
Fixes #65802
Change-Id: Ic22abb4497be04f6c84dff059df00f2c319d8652
GitHub-Last-Rev: 426099a3e75f51b80f8ca866938f31417d75ff89
GitHub-Pull-Request: golang/go#65805
Reviewed-on: https://go-review.googlesource.com/c/go/+/565277
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Sean Liao <sean@liao.dev>
|
|
The CloseNotifier interface is deprecated. We can defer allocating the
backing channel until the first use of CloseNotifier.
goos: linux
goarch: amd64
pkg: net/http
cpu: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
│ before │ after │
│ sec/op │ sec/op vs base │
Server-8 160.8µ ± 2% 160.1µ ± 1% ~ (p=0.353 n=10)
CloseNotifier/h1-8 222.1µ ± 4% 226.4µ ± 7% ~ (p=0.143 n=10)
geomean 189.0µ 190.4µ +0.75%
│ before │ after │
│ B/op │ B/op vs base │
Server-8 2.292Ki ± 0% 2.199Ki ± 0% -4.07% (p=0.000 n=10)
CloseNotifier/h1-8 3.224Ki ± 0% 3.241Ki ± 0% +0.51% (p=0.000 n=10)
geomean 2.718Ki 2.669Ki -1.80%
│ before │ after │
│ allocs/op │ allocs/op vs base │
Server-8 21.00 ± 0% 20.00 ± 0% -4.76% (p=0.000 n=10)
CloseNotifier/h1-8 50.00 ± 0% 50.00 ± 0% ~ (p=1.000 n=10) ¹
geomean 32.40 31.62 -2.41%
¹ all samples are equal
Change-Id: I3f35d56b8356fb660589b7708a023e4480f32067
GitHub-Last-Rev: c75696b9b8498ae03a4ad9527b9b7c8337415456
GitHub-Pull-Request: golang/go#71163
Reviewed-on: https://go-review.googlesource.com/c/go/+/640598
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Unlike request headers, where we are allowed to leniently accept
a bare LF in place of a CRLF, chunked bodies must always use CRLF
line terminators. We were already enforcing this for chunk-data lines;
do so for chunk-size lines as well. Also reject bare CRs anywhere
other than as part of the CRLF terminator.
Fixes CVE-2025-22871
Fixes #71988
Change-Id: Ib0e21af5a8ba28c2a1ca52b72af8e2265ec79e4a
Reviewed-on: https://go-review.googlesource.com/c/go/+/652998
Reviewed-by: Jonathan Amsterdam <jba@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
Change-Id: I91f1b93298671bcb2aa5f86a59f5794bd3e3b2a9
GitHub-Last-Rev: f2e7ffb45f7b201381e1f1a3018b523dea4249f8
GitHub-Pull-Request: golang/go#71911
Reviewed-on: https://go-review.googlesource.com/c/go/+/651220
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Change-Id: I27e86c221da7f541c4823f501801e02942c9a829
Reviewed-on: https://go-review.googlesource.com/c/go/+/649935
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Replace the usage of runtime.SetFinalizer with runtime.AddCleanup in
tests.
Updates #70907
Change-Id: Idd3f1c07f6a7709352ca09948fbcb4a0ad9418bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/648655
Auto-Submit: Carlos Amedee <carlos@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
h2_bundle.go has been updated.
Change-Id: I055b8db9aab964621c980e4731011c89f7694405
Reviewed-on: https://go-review.googlesource.com/c/go/+/649496
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
|
|
The golang.org/x/net/internal/httpcommon package is
a new package containing internal functions common to the
HTTP/2 and HTTP/3 implementations.
Update to golang.org/x/net@v0.35.1-0.20250213222735-884432780bfd,
which includes the httpcommon package.
Since net/http can't depend on a x/net/internal package,
add net/http/internal/httpcommon which bundles the x/net
package.
Change-Id: Iba6c4be7b3e2d9a9d79c4b5153497b0e04b4497b
Reviewed-on: https://go-review.googlesource.com/c/go/+/649296
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
|
|
The tree has opened for Go 1.25 development. This is a time to update
all golang.org/x/... module versions that contribute packages to the
std and cmd modules in the standard library to latest master versions.
For #36905.
[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=master
# Update a cmd/vet test case.
cat <<EOF | patch
diff --git a/src/cmd/vet/testdata/print/print.go b/src/cmd/vet/testdata/print/print.go
index a2ad0f1298..fffe571163 100644
--- a/src/cmd/vet/testdata/print/print.go
+++ b/src/cmd/vet/testdata/print/print.go
@@ -200,8 +200,8 @@ func PrintfTests() {
// Bad argument reorderings.
Printf("%[xd", 3) // ERROR "Printf format %\[xd is missing closing \]"
Printf("%[x]d x", 3) // ERROR "Printf format has invalid argument index \[x\]"
- Printf("%[3]*s x", "hi", 2) // ERROR "Printf format has invalid argument index \[3\]"
- _ = fmt.Sprintf("%[3]d x", 2) // ERROR "Sprintf format has invalid argument index \[3\]"
+ Printf("%[3]*s x", "hi", 2) // ERROR "Printf format %\[3\]\*s reads arg #3, but call has 2 args"
+ _ = fmt.Sprintf("%[3]d x", 2) // ERROR "Sprintf format %\[3\]d reads arg #3, but call has 1 arg"
Printf("%[2]*.[1]*[3]d x", 2, "hi", 4) // ERROR "Printf format %\[2]\*\.\[1\]\*\[3\]d uses non-int \x22hi\x22 as argument of \*"
Printf("%[0]s x", "arg1") // ERROR "Printf format has invalid argument index \[0\]"
Printf("%[0]d x", 1) // ERROR "Printf format has invalid argument index \[0\]"
EOF
# Temporarily hold x/net back to leave out CL 643780 because it's
# causing an import cycle in net/http's generated h2_bundle.go.
cd src
sed -i '' 's|"golang.org/x/net/internal/httpcommon"||' net/http/h2_bundle.go
go get golang.org/x/net@v0.34.1-0.20250123000230-c72e89d6a9e4 # version before CL 643780
go mod tidy
go mod vendor
go generate net/http
Change-Id: I91967ceb797bbc741af024cd2d2dba29dc558384
Reviewed-on: https://go-review.googlesource.com/c/go/+/648735
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
|
|
Fixes #68476
Change-Id: I05122e5ec5e6b290eec93f3db444fcf1de19c030
Reviewed-on: https://go-review.googlesource.com/c/go/+/599815
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Daniel Martí <mvdan@mvdan.cc>
|
|
time.Time has had an AppendFormat method since go1.5 so there's no
need to carry around a custom implementation.
Change-Id: I8e7e5a9ac34e8bf251f5d70555405777ce4e22a8
Reviewed-on: https://go-review.googlesource.com/c/go/+/647955
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
|
|
Replace `for _, s := range {strings, bytes}.Split(v, sep)` with
`for s := range {strings, bytes}.SplitSeq(v, sep)`, to simplify
the code and reduce some memory allocations.
Change-Id: Idead4de1e3928fc75cc5ba8caeff85542f1243d5
GitHub-Last-Rev: 5fb196a073e7583b23b1ebb446d6c067580ed63a
GitHub-Pull-Request: golang/go#71554
Reviewed-on: https://go-review.googlesource.com/c/go/+/646216
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
|
After using strings.FieldsFuncSeq, the number of memory allocations has been reduced from 2 to 0.
The following is the complete benchamark code and results:
package main
import (
"strings"
"testing"
)
func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
func containsDotDotLoop(v string) bool {
if !strings.Contains(v, "..") {
return false
}
for _, ent := range strings.FieldsFunc(v, isSlashRune) {
if ent == ".." {
return true
}
}
return false
}
func containsDotDotSeq(v string) bool {
if !strings.Contains(v, "..") {
return false
}
for ent := range strings.FieldsFuncSeq(v, isSlashRune) {
if ent == ".." {
return true
}
}
return false
}
func BenchmarkDotDot(b *testing.B) {
testCases := []string{
"/path/to/somewhere",
"/path/../to/somewhere",
"/really/long/path/with/many/segments",
"../../../deep/path",
}
b.Run("Loop", func(b *testing.B) {
for i := 0; i < b.N; i++ {
for _, tc := range testCases {
containsDotDotLoop(tc)
}
}
})
b.Run("Seq", func(b *testing.B) {
for i := 0; i < b.N; i++ {
for _, tc := range testCases {
containsDotDotSeq(tc)
}
}
})
}
go test -bench=. -benchmem
goos: darwin
goarch: arm64
pkg: bc
cpu: Apple M1
BenchmarkDotDot/Loop-8 6133270 193.7 ns/op 144 B/op 2 allocs/op
BenchmarkDotDot/Seq-8 23172360 51.19 ns/op 0 B/op 0 allocs/op
PASS
ok bc 2.633s
Change-Id: I529c296e701b22710e21b53877aa798799980a3b
Reviewed-on: https://go-review.googlesource.com/c/go/+/639536
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
|
|
Pull in x/net CL 642606 and CL 643256 and regenerate h2_bundle.go:
http2: disable extended CONNECT by default
http2: encode :protocol pseudo-header before regular headers
For #36905.
Fixes #70728.
Fixes #71128.
[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=internal-branch.go1.24-vendor
Change-Id: Id853cb96f8fc410956666f5c3ab4c5889c703503
Reviewed-on: https://go-review.googlesource.com/c/go/+/642398
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
|
|
When an HTTP redirect changes the host of a request, we drop
sensitive headers such as Authorization from the redirected request.
Fix a bug where a chain of redirects could result in sensitive
headers being sent to the wrong host:
1. request to a.tld with Authorization header
2. a.tld redirects to b.tld
3. request to b.tld with no Authorization header
4. b.tld redirects to b.tld
3. request to b.tld with Authorization header restored
Thanks to Kyle Seely for reporting this issue.
For #70530
Fixes CVE-2024-45336
Change-Id: Ia58a2e10d33d6b0cc7220935e771450e5c34de72
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/1641
Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Commit-Queue: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/643095
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
|
|
Fixes #70874
Change-Id: Icbcfc95e6b45521880287dcc3bc8609461a3b401
GitHub-Last-Rev: 05276c56b019d8774e8eee881101509cf83c0f3d
GitHub-Pull-Request: golang/go#70877
Reviewed-on: https://go-review.googlesource.com/c/go/+/637035
Reviewed-by: qiu laidongfeng2 <2645477756@qq.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
|
|
Observed on a builder in an unrelated CL.
https://logs.chromium.org/logs/golang/buildbucket/cr-buildbucket/8728107031663629713/+/u/step/11/log/2
goroutine 27937 gp=0xc00000f6c0 m=20 mp=0xc000085008 [running]:
panic({0x560ac0?, 0xa1f400?})
C:/b/s/w/ir/x/w/goroot/src/runtime/panic.go:806 +0x168 fp=0xc00043fac8 sp=0xc00043fa18 pc=0xa5f88
testing.tRunner.func1.2({0x560ac0, 0xa1f400})
C:/b/s/w/ir/x/w/goroot/src/testing/testing.go:1734 +0x219 fp=0xc00043fb78 sp=0xc00043fac8 pc=0x1537f9
testing.tRunner.func1()
C:/b/s/w/ir/x/w/goroot/src/testing/testing.go:1737 +0x359 fp=0xc00043fce0 sp=0xc00043fb78 pc=0x153259
panic({0x560ac0?, 0xa1f400?})
C:/b/s/w/ir/x/w/goroot/src/runtime/panic.go:787 +0x132 fp=0xc00043fd90 sp=0xc00043fce0 pc=0xa5f52
runtime.panicmem(...)
C:/b/s/w/ir/x/w/goroot/src/runtime/panic.go:262
runtime.sigpanic()
C:/b/s/w/ir/x/w/goroot/src/runtime/signal_windows.go:401 +0x198 fp=0xc00043fdd8 sp=0xc00043fd90 pc=0x87938
net/http_test.testTransportIdleConnTimeout.func3(...)
C:/b/s/w/ir/x/w/goroot/src/net/http/transport_test.go:5503
net/http_test.testTransportIdleConnTimeout(0xc000e83340, {0x5ec863, 0x2})
C:/b/s/w/ir/x/w/goroot/src/net/http/transport_test.go:5522 +0x4c1 fp=0xc00043ff20 sp=0xc00043fdd8 pc=0x47a841
net/http_test.run[...].func1()
C:/b/s/w/ir/x/w/goroot/src/net/http/clientserver_test.go:93 +0xfe fp=0xc00043ff70 sp=0xc00043ff20 pc=0x49a21e
testing.tRunner(0xc000e83340, 0xc0004687b0)
C:/b/s/w/ir/x/w/goroot/src/testing/testing.go:1792 +0xcb fp=0xc00043ffc0 sp=0xc00043ff70 pc=0x152e4b
testing.(*T).Run.gowrap1()
C:/b/s/w/ir/x/w/goroot/src/testing/testing.go:1851 +0x25 fp=0xc00043ffe0 sp=0xc00043ffc0 pc=0x153e65
runtime.goexit({})
C:/b/s/w/ir/x/w/goroot/src/runtime/asm_amd64.s:1700 +0x1 fp=0xc00043ffe8 sp=0xc00043ffe0 pc=0xadfe1
created by testing.(*T).Run in goroutine 27899
C:/b/s/w/ir/x/w/goroot/src/testing/testing.go:1851 +0x3f6
Change-Id: I3f8bd7c7863b5031ff43d4837dfe11d26ac75652
Reviewed-on: https://go-review.googlesource.com/c/go/+/637897
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
