Skip to content

net/http: rejects requests where headers have whitespace #14392

Closed
@theckman

Description

@theckman

Congratulations on the Go 1.6 release! With the new release of Go, a behavior has been introduced that cannot be disabled and causes some of my HTTP requests to fail:

Researching further, I do see that there is an RFC dealing with whitespace in headers. Specifically section 3.2.3 of this document: https://tools.ietf.org/html/rfc7230.

However, this change has seemingly introduced backwards incompatibility with software that I have written against go1.5.3. Specifically, software that is using the same authentication mechanism as the 11.x release of the Chef server.

In their authentication mechanism, they have a header called Hashed Path which is used as part of the authentication and verification of the request. Without this header, the requests fail. I'm not only writing a client that must use this authentication mechanism, but also a server that consumes requests that match this spec.

While I agree that enforcement of the RFC is important, there is no way to guarantee people are not in violation of the RFC due to its fairly recent inception. I'm not asking for the feature to be removed, but wonder if there is a way we could toggle this option for an *http.Server.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions