proposal: net/http: record http header field order #21853
Labels
Milestone
Comments
ianlancetaylor
changed the title
|
CC @tombergan |
|
I agree that tracing is a better way to get this data, if at all. Putting anything new like this into Request bloats request and forces extra tracking and preparation for something that 99.99% of clients are never going to ask for. In contrast, tracing can be restricted to only the times when tracing is actually happening. It doesn't take up extra space in data structures or extra execution time the rest of the time. Going to mark close this. If you would like to interpret this as a dup of #18997, that's fine, although that issue doesn't seem close enough to a clear proposal to evaluate whether that's really true. |
|
@shanemhansen I don’t suppose you can send me your modified net/http source so I can implement too? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I know this issue has been discussed before, but I'm not sure if this use case has been brought considered. In some cases it can be useful for a WAF to understand what the original header order of a request was. For example see this attempt to detect phantomjs browsers based on when the Host header appears. https://blog.shapesecurity.com/2015/01/22/detecting-phantomjs-based-visitors/
If go can record/model header order then go can more easily do WAF stuff and block bad requests going into an organization's network, arguably an enhancement in an area Go is already optimized for (network proxies).
I propose adding a attribute to http.Request called RawHeader which is a [][2]string.
I've ran a fork of go with this particular enhancement for a couple years, and my organization has found this feature useful.
See also #19292
The text was updated successfully, but these errors were encountered: