New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cmd/go: go get -insecure doesn't fallback to http #18179

mg6maciej opened this Issue Dec 3, 2016 · 3 comments


None yet
5 participants

mg6maciej commented Dec 3, 2016

Please answer these questions before submitting your issue. Thanks!

What version of Go are you using (go version)?


What operating system and processor architecture are you using (go env)?


What did you do?

If possible, provide a recipe for reproducing the error.
A complete runnable program is good.
A link on is best.

go get -insecure -d -v doesn't download repo over http.

What did you expect to see?

No errors. Package downloaded.

What did you see instead?

Parsing meta tags from (status code 404)
package unrecognized import path "" (parse no go-import meta tags)

Apparently this change introduced this regression while fixing another edge case scenario. After analyzing the code a bit, I came to conclusion that it would be better to try the whole process of getting go-import meta tags via https and when it fails, retrying with http. Currently the code fails here after getting err != nil from matchGoImport. Only at this point (or earlier if error happens from one of the calls above) there should be switch to http, if insecure flag is given.

@bradfitz bradfitz added this to the Go1.9 milestone Dec 3, 2016


This comment has been minimized.


bradfitz commented Dec 3, 2016

Sorry, this isn't a regression from Go 1.7 to Go 1.8, so flagging for Go 1.9, since we're in a code freeze for the Go 1.8 release right now.

@bradfitz bradfitz changed the title from go get -insecure doesn't fallback to http to cmd/go: go get -insecure doesn't fallback to http Dec 3, 2016


This comment has been minimized.


rsc commented Jun 22, 2017

I am not convinced this is incorrect behavior. -insecure means to try HTTP if HTTPS fails. HTTPS has not failed: it gave an authoritative answer (a 404 page with no <meta> tag).

Is there a good reason for to serve only a subset of its content via HTTPS?

@bradfitz bradfitz modified the milestones: Go1.10, Go1.9 Jun 28, 2017

@rsc rsc modified the milestones: Go1.10, Go1.11 Dec 1, 2017

@gopherbot gopherbot modified the milestones: Go1.11, Unplanned May 23, 2018


This comment has been minimized.

chowey commented Sep 26, 2018

Possibly related, this also seems to break -insecure while going through an http proxy when there is no https. I presume this is because the http proxy returns "503 Bad Gateway" instead of a net error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment