You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[If] you write a header after the body has been written and status has been set in an HTTP handler, that's a bug because it has no effect. If you're testing using an httptest.ResponseRecorder, its HeaderMap will record the header and might make you think that your code is working when it's not. This is #8857. In response to that bug the behavior was changed to snapshot the headers instead, but that caused another problem (#15560) so it was reverted.
For Go 2, we should change the ResponseRecorder API to make it impossible for the user to access any header map that may be mutated after Write/WriteHeader. Allowing that makes it too easy to accidentally think headers are being written when they're buggily being set after the body has already been written.
I haven't given the specifics much thought, but maybe ResponseRecorder should be more opaque and only expose its data via Result.
Note that besides HeaderMap, it's also easy for the user to call ResponseRecorder.Header to get at internal header map. I don't see how to prevent the user from getting at this with the current ResponseWriter API. Maybe all we can do is delete the HeaderMap field.
This is follow-up from #8857, #15560, #16717, and #25763.
To quote my summary from #25763:
For Go 2, we should change the ResponseRecorder API to make it impossible for the user to access any header map that may be mutated after Write/WriteHeader. Allowing that makes it too easy to accidentally think headers are being written when they're buggily being set after the body has already been written.
I haven't given the specifics much thought, but maybe ResponseRecorder should be more opaque and only expose its data via Result.
cc @bradfitz
The text was updated successfully, but these errors were encountered: