Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http/httptest: clarify that Server.Client is only good for Server.URL #30774

Open
bradfitz opened this issue Mar 12, 2019 · 3 comments
Open

net/http/httptest: clarify that Server.Client is only good for Server.URL #30774

bradfitz opened this issue Mar 12, 2019 · 3 comments
Labels
Documentation NeedsFix The path to resolution is known, but the work has not been done.
Milestone
Backlog

Comments

@bradfitz
Copy link
Contributor

The docs don't make it clear that the http.Client returned by httptest.Server.Client is only good for hitting httptest.Server.URL.

That is, the http.Client's Transport doesn't redirect all dials of any hostname to the test server. (Maybe it should? Would that break existing users?)

/cc @Capstan
@bradfitz bradfitz added Documentation NeedsFix The path to resolution is known, but the work has not been done. labels Mar 12, 2019
@bradfitz bradfitz added this to the Go1.13 milestone Mar 12, 2019
@Capstan
Copy link

Capstan commented Mar 12, 2019

If a test is testing that a client configures the right host and port, it'd be nice if there were a recipe for how to use httptest.Server with that, ideally without much or heavyweight (e.g., cert generation on the fly) boilerplate.

@bradfitz bradfitz mentioned this issue Apr 2, 2019
Open
@andybons andybons modified the milestones: Go1.13, Go1.14 Jul 8, 2019
@rsc rsc modified the milestones: Go1.14, Backlog Oct 9, 2019
@odeke-em
Copy link
Member

If a test is testing that a client configures the right host and port, it'd be nice if there were a recipe for how to use httptest.Server with that, ideally without much or heavyweight (e.g., cert generation on the fly) boilerplate.

I think one can already use a roundtripper e.g. https://play.golang.org/p/UBfwFeTxK2n or inlined below

package main

import (
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"net/http/httputil"
	"strings"
)

type hostnameChecker string

func (hnc hostnameChecker) RoundTrip(req *http.Request) (*http.Response, error) {
	if g, w := req.URL.Hostname(), string(hnc); g != w {
		return nil, fmt.Errorf("Hostname mismatch: %q, wanted %q", g, w)
	}
	res := &http.Response{
		Status:        "OK",
		StatusCode:    200,
		Body:          ioutil.NopCloser(strings.NewReader("Hello")),
		ContentLength: 5,
	}
	return res, nil
}

func main() {
	hnc := hostnameChecker("golang.org")
	req, _ := http.NewRequest("GETT", "http://example.org", nil)
	client := &http.Client{Transport: hnc}
	res, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	blob, _ := httputil.DumpResponse(res, true)
	println(string(blob))
}

so that use case can already be handled, unless am mistaken.

The docs don't make it clear that the http.Client returned by httptest.Server.Client is only good for hitting httptest.Server.URL.

As you obviously already know, the client created here is the bare minimum http client

Start

go/src/net/http/httptest/server.go

Lines 122 to 124 in 46be01f

if s.client == nil {
s.client = &http.Client{Transport: &http.Transport{}}
}

and then just configured with the same certs as the server

StartTLS

go/src/net/http/httptest/server.go

Lines 139 to 169 in 46be01f

if s.client == nil {
s.client = &http.Client{Transport: &http.Transport{}}
}
cert, err := tls.X509KeyPair(internal.LocalhostCert, internal.LocalhostKey)
if err != nil {
panic(fmt.Sprintf("httptest: NewTLSServer: %v", err))
}
existingConfig := s.TLS
if existingConfig != nil {
s.TLS = existingConfig.Clone()
} else {
s.TLS = new(tls.Config)
}
if s.TLS.NextProtos == nil {
s.TLS.NextProtos = []string{"http/1.1"}
}
if len(s.TLS.Certificates) == 0 {
s.TLS.Certificates = []tls.Certificate{cert}
}
s.certificate, err = x509.ParseCertificate(s.TLS.Certificates[0].Certificate[0])
if err != nil {
panic(fmt.Sprintf("httptest: NewTLSServer: %v", err))
}
certpool := x509.NewCertPool()
certpool.AddCert(s.certificate)
s.client.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
RootCAs: certpool,
},
}

and the docs https://golang.org/pkg/net/http/httptest/#Server.Client
Screen Shot 2019-10-13 at 11 43 06 PM

loosely talk about that client being for making calls to server but don't emphasize exclusive allegiance to the server.

I think that changing dials of any hostname to the test server might break users whose tests might be comparing HTTP responses served by a handler to those from an external server during say integration tests.

Perhaps to help us compare and find the usage of (*httptest.Server).Client() with other URLs, I'll kindly ping the Sourcegraph people who've indexed source code publicly available and examine some usages @sqs @vanesa or even Github's BigQuery corpus as well.

Ultimately, thought I think it is reasonable to tighten all redirects regardless of hostname to the test server, and if anyone is using the client from net/http/httptest, they should instead switch to using net/http.

agcom added a commit to agcom/go that referenced this issue Apr 25, 2024
@agcom
net/http/httptest: add comment to Server.Client() about Server.URL
641b41a 
Related to golang#30774.
@agcom agcom mentioned this issue Apr 25, 2024
Open
@gopherbot
Copy link

Change https://go.dev/cl/581777 mentions this issue: net/http/httptest: add comment to Server.Client() about Server.URL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Documentation NeedsFix The path to resolution is known, but the work has not been done.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
6 participants
@bradfitz @rsc @andybons @Capstan @odeke-em @gopherbot