You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
if we got dial error when using the proxy lists, we should try next proxy. Now only 404 and 410 will try next proxy.
Get https://proxy.golang.org: dial tcp 172.217.24.14:80: i/o timeout
We can wrap dial op error as a no exist error to implement it.
As default lists https://proxy.golang.org,direct, if some users can't access https://proxy.golang.org, they will fall back to direct, maybe we should custom the timeout para, maybe not.
My personal preference is not to try the next proxy if the first proxy fails or isn't reachable - so the user knows the failure situation and chooses to explicitly opt out to the next proxy or gets alerted.
If we fallback to the next proxy silently in case the first proxy fails to responds, it can lead to unexpected leakage of private module paths. There could be other security implication but I will let @FiloSottile chime in.
Since GONOSUMDB is not scoped per proxy, this would let the fallback proxy provide arbitrary answers for company.internal/foo if http://proxy.internal is unreachable. That's pretty much unacceptable.
if we got dial error when using the proxy lists, we should try next proxy. Now only 404 and 410 will try next proxy.
We can wrap dial op error as a
no exist error
to implement it.As default lists
https://proxy.golang.org,direct
, if some users can't accesshttps://proxy.golang.org
, they will fall back todirect
, maybe we should custom thetimeout
para, maybe not./cc @rsc @bcmills
The text was updated successfully, but these errors were encountered: