Skip to content

/go

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: further restrict which trailers may be sent #14188

Closed
bradfitz opened this issue Feb 2, 2016 · 1 comment

Comments

Assignees

@bradfitz bradfitz

Labels
FrozenDueToAge
Projects
None yet
Milestone
  Go1.7
2 participants
@bradfitz @gopherbot
@bradfitz
Copy link
Member

commented Feb 2, 2016

http://tools.ietf.org/html/rfc7230#section-4.1.2

   A sender MUST NOT generate a trailer that contains a field necessary
   for message framing (e.g., Transfer-Encoding and Content-Length),
   routing (e.g., Host), request modifiers (e.g., controls and
   conditionals in Section 5 of [RFC7231]), authentication (e.g., see
   [RFC7235] and [RFC6265]), response control data (e.g., see Section
   7.1 of [RFC7231]), or determining how to process the payload (e.g.,
   Content-Encoding, Content-Type, Content-Range, and Trailer).

@bradfitz bradfitz self-assigned this Feb 2, 2016

@bradfitz bradfitz added this to the Go1.7 milestone Feb 2, 2016

gopherbot pushed a commit to golang/net that referenced this issue May 19, 2016

@bradfitz
http2: reject more trailer values 
Updates golang/go#14188

Change-Id: Ic274841422fcb6179c0a782956bbfa336d27f1e1
Reviewed-on: https://go-review.googlesource.com/23230
Reviewed-by: Andrew Gerrand <adg@golang.org>
3c5cb15
@gopherbot

This comment has been minimized.

Sign in to view
Copy link

commented May 19, 2016

CL https://golang.org/cl/23234 mentions this issue.

@gopherbot gopherbot closed this in 255e206 May 19, 2016

@golang golang locked and limited conversation to collaborators May 19, 2017

@gopherbot gopherbot added the FrozenDueToAge label May 19, 2017

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.