net/http: invalid method strings #12078

Closed
gdouezangrard opened this issue Aug 8, 2015 · 5 comments

@gdouezangrard

commented Aug 8, 2015

Hi.

Following the discussion at net/http: add method constants from RFC 2616 and net/http: HTTP methods check.

  1. What version of Go are you using (go version)?
    go version 1.4.2 linux/amd64
  2. What operating system and processor architecture are you using?
    Archlinux 4.1.4-1-ck #1 SMP PREEMPT Mon Aug 3 16:56:11 EDT 2015 x86_64 GNU/Linux
  3. What did you do?
    req, err := http.NewRequest("GET ", url, nil), notice the extra space.
  4. What did you expect to see?
    An error as it is not a valid HTTP method.
  5. What did you see instead?
    For https://golang.org, the proper response for a GET request is sent but it is inconsistent between servers. For instance, if we use " GET", some servers will respond with a bad request status.

It would also be useful to add the commonly used method constants to net/http from RFC 7231 along with PATCH from RFC 5789:

diff --git a/src/net/http/methods.go b/src/net/http/methods.go
new file mode 100644
index 0000000..3e8b18c
--- /dev/null
+++ b/src/net/http/methods.go
@@ -0,0 +1,21 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package http
+
+// HTTP methods, defined in RFC 7231.
+const (
+       MethodHead   = "HEAD"
+       MethodGet    = "GET"
+       MethodPut    = "PUT"
+       MethodPost   = "POST"
+       MethodDelete = "DELETE"
+
+       MethodConnect = "CONNECT"
+       MethodOptions = "OPTIONS"
+       MethodTrace   = "TRACE"
+)
+
+// PATCH HTTP method, defined in RFC 5789.
+const MethodPatch = "PATCH"
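
Review bot: the const block in methods.go only gives names to valid methods, and nothing in this hunk rejects a malformed string such as the "GET " from the report, so callers that keep passing literals to NewRequest see no change; the validation needs its own change. On style, MethodPatch could sit inside the same const block with a trailing comment citing RFC 5789 instead of a second declaration, and the blank line between MethodDelete and MethodConnect splits the group without a comment saying why.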

Regards, sw.

@bradfitz

Member

commented Aug 8, 2015

We should also investigate whether NewRequest and Transport.RoundTrip and Request.Write return errors with bogus methods.

@gdouezangrard gdouezangrard changed the title net/http: add method constants net/http: invalid method strings can lead to inconsistent results Aug 8, 2015

@gdouezangrard gdouezangrard changed the title net/http: invalid method strings can lead to inconsistent results net/http: invalid method strings Aug 8, 2015

@ianlancetaylor ianlancetaylor added this to the Unplanned milestone Aug 8, 2015

@shazow

Contributor

commented Aug 9, 2015

Note that there are lots of APIs out there which use custom HTTP methods (google custom http verbs); returning an error for unexpected methods would significantly diminish the utility of the http library.

@bradfitz

Member

commented Aug 9, 2015

This is only about malformed method names.

@bradfitz bradfitz self-assigned this Nov 12, 2015

@gopherbot


commented Nov 12, 2015

CL https://golang.org/cl/16860 mentions this issue.

@gopherbot


commented Nov 12, 2015

CL https://golang.org/cl/16829 mentions this issue.

@bradfitz bradfitz closed this in 0b314e1 Nov 13, 2015

bradfitz added a commit that referenced this issue Nov 13, 2015

net/http: require valid methods in NewRequest and Transport.RoundTrip
Fixes #12078

Change-Id: If09c927fae639ec4ed3894a2b393a87c1e677803
Reviewed-on: https://go-review.googlesource.com/16829
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>

@golang golang locked and limited conversation to collaborators Nov 16, 2016
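
The distinction drawn in the thread (reject malformed method names, keep custom verbs working) can be checked with the sketch below. It is an added example, not code from the Go project or from any participant: `validateMethod`, `isTokenChar` and `stdlibAccepts` are hypothetical helpers, the token character set is taken from RFC 7230, and the comparison against `http.NewRequest` assumes a Go release that includes the fix referenced above.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// tcharExtra holds the non-alphanumeric characters RFC 7230 allows in a token.
const tcharExtra = "!#$%&'*+-.^_`|~"

// isTokenChar reports whether r may appear in an HTTP token (RFC 7230, 3.2.6).
func isTokenChar(r rune) bool {
	alnum := (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9')
	return alnum || strings.ContainsRune(tcharExtra, r)
}

// validateMethod (hypothetical helper) rejects malformed method strings but
// accepts every well-formed token, so custom verbs keep working. It also
// rejects "", which http.NewRequest itself treats as GET.
func validateMethod(method string) error {
	if method == "" {
		return fmt.Errorf("empty method")
	}
	for i, r := range method {
		if !isTokenChar(r) {
			return fmt.Errorf("method %q: invalid character %q at byte %d", method, r, i)
		}
	}
	return nil
}

// stdlibAccepts reports whether http.NewRequest accepts the method.
// The URL is a placeholder; building a request sends nothing.
func stdlibAccepts(method string) bool {
	_, err := http.NewRequest(method, "https://example.invalid/", nil)
	return err == nil
}

func main() {
	// Constructed samples: the two malformed strings from the report,
	// two standard methods, and a custom verb.
	for _, m := range []string{"GET ", " GET", "GET", "PATCH", "PURGE"} {
		fmt.Printf("%-8q helper ok=%-5t NewRequest ok=%t\n",
			m, validateMethod(m) == nil, stdlibAccepts(m))
	}
}
```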
