New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"json" links on https://go.googlesource.com/ return invalid JSON documents #25548
Comments
This is working as intended I believe. This prevents a certain class of cross site scripting attacks. |
That is interesting. Do you have any idea where I can find out more about these concerns? Is there a reference to documents that led to this decision? More generally, though, how is the consumer supposed to know that the JSON data thus returned are invalid and to figure out how to recover the valid data? Why should such document be advertised with |
Yes, this is by design and documented: |
@bradfitz I am curious. How was I supposed to find that documentation from https://go.googlesource.com/go/? |
It is a common practice. The server is Gerrit, so search Gerrit docs for
that prefix.
…On Thu, May 24, 2018, 18:48 Hiro Asari ***@***.***> wrote:
@bradfitz <https://github.com/bradfitz> I am curious. How was I supposed
to find that documentation from https://go.googlesource.com/go/?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#25548 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAuFsYo5m0czUgi0SXtY2Fti3M2OG_6Yks5t12LTgaJpZM4UM6fN>
.
|
@BanzaiMan, why are you trying to use the Gerrit API without reading the Gerrit API documentation? |
I appreciate your effort to understand more. Frankly, I was not aware that https://go.googlesource.com/go was served by Gerrit at all. I am not interested in contributing to Go itself; I'm not a Go programmer. I am simply interested in getting the canonical list of releases available. To me, a consumer of the Go lang's project data, what powers https://go.googlesource.com is an implementation detail. I followed: At this point, https://go.googlesource.com/go/+refs seemed like a reasonable place for the information I need. Expecting the 'json' link to return valid JSON (when the server explicitly sets |
@BanzaiMan, ah! Now I understand. I'd never seen that link down there. I'll pass this feedback on to the Gerrit team. |
Instead of manually updating public/version-aliases/go.json with each Go release, we update the necessary data using data provided by the Go lang source itself. Notice that some finessing is necessary because Go lang's git repository does not retrun valid JSON data. See golang/go#25548 (comment)
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?N/A
Does this issue reproduce with the latest release?
N/A
What operating system and processor architecture are you using (
go env
)?N/A
What did you do?
What did you expect to see?
A valid JSON document retrieved by
curl
andjq
displaying a pretty JSON data.What did you see instead?
The first line of returned document is:
which is indeed invalid JSON.
The text was updated successfully, but these errors were encountered: