Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http/pprof: Index func does not set Content-Type header to text/html #37311

Closed
eudore opened this issue Feb 20, 2020 · 6 comments
Closed

net/http/pprof: Index func does not set Content-Type header to text/html #37311

eudore opened this issue Feb 20, 2020 · 6 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Backlog

Comments

@eudore
Copy link

eudore commented Feb 20, 2020
edited

Does this issue reproduce with the latest release?

yes

What did you do?

if global set response header X-Content-Type-Options=nosniff,pprof.Index response is text not is html in chrome.

read current golang.org net/http/pprof library sourcecode,pprof.Index func is not set header content-type: text/html; charset=utf-8,so chrome show is text.

------------ update ---------
my http server not is net/http.Server, will not defualt set content-type, so response does not exist context, and appear this error.
@toothrot toothrot changed the title net/http/pprof: not set Index func response header content-type to text/html net/http/pprof: Index func does not set Content-Type header to text/html Feb 20, 2020
@toothrot toothrot added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Feb 20, 2020
@toothrot toothrot added this to the Backlog milestone Feb 20, 2020
@toothrot
Copy link
Contributor

/cc @hyangah

@gopherbot
Copy link

Change https://golang.org/cl/220324 mentions this issue: net/http/pprof: set content type for /debug/pprof

@eudore
Copy link
Author

eudore commented Feb 21, 2020

This issue has two conditions: add security header X-Content-Type-Options and not use net/http.Server(use Server will not add default content-type: text/html; charset=utf-8).

X-Content-Type-Options is security header not recommend add to pprof.Index, Because possible nginx proxy add the is header, Finally added two of this header.

No problem adding headers after testing, Please consider not adding X-Content-Type-Options in pprof.Index

@hyangah
Copy link
Contributor

hyangah commented Feb 21, 2020

@eudore I am afraid I don't understand what you want. My CL simply made the handler consistent with other existing handllers (Symbol, Profile, Trace, Cmdline, and error cases). If that's not what you want, send a PR with a clear explanation on why that's not desirable. Thanks.

@eudore
Copy link
Author

eudore commented Feb 21, 2020

only add header content-type: text/html; charset=utf-8, No need X-Content-Type-Options.

@eudore eudore closed this as completed Feb 21, 2020
@eudore
Copy link
Author

eudore commented Feb 21, 2020

I think it's my server's default content-type problem, so I issue it off.
Thank you golang developers and supporters for their support.

gopherbot pushed a commit that referenced this issue Feb 21, 2020
@hyangah
net/http/pprof: set content type for /debug/pprof
f5ff005 
Fixes #37311

Change-Id: I9e1f37e991e5c203fe72061692f47584fbadfc58
Reviewed-on: https://go-review.googlesource.com/c/go/+/220324
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com>
@golang golang locked and limited conversation to collaborators Feb 20, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@toothrot @hyangah @gopherbot @eudore