Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: further restrict which trailers may be sent #14188

Closed
bradfitz opened this issue Feb 2, 2016 · 1 comment

Comments

Projects
None yet
2 participants
@bradfitz
Copy link
Member

commented Feb 2, 2016

http://tools.ietf.org/html/rfc7230#section-4.1.2

   A sender MUST NOT generate a trailer that contains a field necessary
   for message framing (e.g., Transfer-Encoding and Content-Length),
   routing (e.g., Host), request modifiers (e.g., controls and
   conditionals in Section 5 of [RFC7231]), authentication (e.g., see
   [RFC7235] and [RFC6265]), response control data (e.g., see Section
   7.1 of [RFC7231]), or determining how to process the payload (e.g.,
   Content-Encoding, Content-Type, Content-Range, and Trailer).

@bradfitz bradfitz self-assigned this Feb 2, 2016

@bradfitz bradfitz added this to the Go1.7 milestone Feb 2, 2016

gopherbot pushed a commit to golang/net that referenced this issue May 19, 2016

http2: reject more trailer values
Updates golang/go#14188

Change-Id: Ic274841422fcb6179c0a782956bbfa336d27f1e1
Reviewed-on: https://go-review.googlesource.com/23230
Reviewed-by: Andrew Gerrand <adg@golang.org>
@gopherbot

This comment has been minimized.

Copy link

commented May 19, 2016

CL https://golang.org/cl/23234 mentions this issue.

@gopherbot gopherbot closed this in 255e206 May 19, 2016

@golang golang locked and limited conversation to collaborators May 19, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.