net/http: go 1.20.6 host validation breaks setting Host to a unix socket address [1.21 backport] #61904
Labels
Milestone
Comments
neild
added
the
CherryPickApproved
|
Change https://go.dev/cl/518856 mentions this issue: |
gopherbot
pushed a commit
that referenced
this issue
Aug 14, 2023
…eaders Historically, the Transport has silently truncated invalid Host headers at the first '/' or ' ' character. CL 506996 changed this behavior to reject invalid Host headers entirely. Unfortunately, Docker appears to rely on the previous behavior. When sending a HTTP/1 request with an invalid Host, send an empty Host header. This is safer than truncation: If you care about the Host, then you should get the one you set; if you don't care, then an empty Host should be fine. Continue to fully validate Host headers sent to a proxy, since proxies generally can't productively forward requests without a Host. For #60374 Fixes #61431 Fixes #61904 Change-Id: If170c7dd860aa20eb58fe32990fc93af832742b6 Reviewed-on: https://go-review.googlesource.com/c/go/+/511155 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Run-TryBot: Damien Neil <dneil@google.com> (cherry picked from commit b9153f6) Reviewed-on: https://go-review.googlesource.com/c/go/+/518856 Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Russ Cox <rsc@golang.org>
|
Closed by merging 179821c to release-branch.go1.21. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Backport #61431 to 1.21. (Existing backport issues for 1.19: #61825, 1.20: #61826)
The text was updated successfully, but these errors were encountered: