New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net/http: ReadRequest should return error or not delete Host Header #45513
Comments
Change https://golang.org/cl/308952 mentions this issue: |
If I understand correctly, this is more of just a cleanup, right? Are there any functional changes that your CL makes? |
There is a function called In fact, this function does not allow multiple Host Headers. Because this function only read the first Host Header, and directly discards the rest Host Header. So I agree with what Dave said in #45463, it is more appropriate to return an error when there are multiple Host Headers. |
Thanks. I closed that issue as a duplicate, since this one is more up to date on the current state of this bug. This bug is fixed in Go 1.17, I've updated the milestone accordingly. I don't see a backport request at this time. If you or someone believes this fix should be backported to Go 1.16 and 1.15 and meets the criteria described at https://golang.org/wiki/MinorReleases, please make a backport request using the process documented there. |
@borncrusader also reported this and requested a backport. |
Change https://golang.org/cl/311569 mentions this issue: |
Change https://golang.org/cl/311569 mentions this issue: |
What version of Go are you using (
go version
)?What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I noticed that
http.readRequest
has a param calleddeleteHostHeader
to control whether to delete theHost
ofRequest.Header
. It seems to be designed so thathttp.ReadRequest
can skip theHost
check.But if
http.ReadRequest
setsdeleteHostHeader
to true, the firstHost
Header is read inreadRequest
and theHost
Header is deleted, which makeshttp.ReadRequest
lose the rest of the Host Header.I don't understand whether the processing of the Host Header is to be skipped, or the Host Header needs to be check and return error when there is multi Host Header. So I think the processing here can be more clear.
related to #45463
What did you expect to see?
Clear processing strategy for multiple
Host
Headers. For example,http.Request
do not delete theHost
Header, or reject multipleHost
Header RequestsWhat did you see instead?
http.Request
do not check theHost
Header and delete the Host in the Header after getting the firstHost
HeaderThe text was updated successfully, but these errors were encountered: