Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net/http: set MaxResponseHeaderBytes in DefaultTransport? #26315

Closed
bradfitz opened this issue Jul 10, 2018 · 3 comments
Closed

net/http: set MaxResponseHeaderBytes in DefaultTransport? #26315

bradfitz opened this issue Jul 10, 2018 · 3 comments
Assignees
Milestone

Comments

@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Jul 10, 2018

Should we set MaxResponseHeaderBytes to something non-zero in http.DefaultTransport?

Even if it it's something insane, like 10MB? Just to put some protection on it for users.

@bradfitz bradfitz added this to the Go1.12 milestone Jul 10, 2018
@bradfitz bradfitz self-assigned this Jul 10, 2018
@rsc

This comment has been minimized.

Copy link
Contributor

@rsc rsc commented Sep 26, 2018

Are there other protection defaults we missed? 10 MB seems OK. (Or check with Chrome team.)

@rsc rsc added the NeedsFix label Sep 26, 2018
@gopherbot

This comment has been minimized.

Copy link

@gopherbot gopherbot commented Sep 26, 2018

Change https://golang.org/cl/137717 mentions this issue: net/http: set MaxResponseHeaderBytes on DefaultTransport

@bradfitz

This comment has been minimized.

Copy link
Contributor Author

@bradfitz bradfitz commented Oct 2, 2018

@dmitshur points out that https://go-review.googlesource.com/c/go/+/21329/2/src/net/http/transport.go already defined the zero value to mean 10 MB.

So there's nothing to do here.

@bradfitz bradfitz closed this Oct 2, 2018
@golang golang locked and limited conversation to collaborators Oct 2, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.