cmd/go: Pass the target module to GOPROXY #27133
The Go Command should send a custom header to the GOPROXY server letting it know what the target module is.
For example if you have the following go.mod file:
Then when the user issues a mod-enabled command such as
This means the GOPROXY server can have access logic based on what you're trying to build. For example, only modules starting with
I'm not necessarily against this, but the use-case seems a bit unconvincing to me.
The proxy cannot trust the value from the client, so it provides no appreciable security per se. After all, I could trivially write my own meta-proxy that sets this header to a constant and otherwise forwards on the request to the NYTimes proxy. This seems to limit the value to the server, at least compared to somehow authenticating the client.
And since the goal appears to be to have a default-enabled set of public proxies, then I don't think we should require disclosing any unnecessary information to the proxy.
@bcmills Not sure how to achieve the same results with
For example, if I have a module (say github.com/marwan/secret), and I only want 3 other modules to be able to import it (github.com/bcmills/client, github.com/other/client, and gopkg.in/secret-client)
An attacker can try to ping my GOPROXY server to download github.com/marwan/secret, but they will never be able to get it unless they have a header that has one of those three modules.
I understand the use case is a bit weird, but I thought I'd suggest it to see if there's a valuable use case here.
This does not pass muster as a security feature, because there is no reason to believe the client is not lying. If what you want is authentication, you'll need a real authentication protocol.
As a generic feature, I wouldn't ever want this to encourage a proxy to serve different content based on the target module, because the cache is shared and the security systems we are building assume that module version contents never change and are universal.
By the way, the cache breaks your intended use case as well, because once a module is fetched it can be used anywhere. I am not inclined to accept this, but I am not the decision maker.
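An added example, not part of the original thread or of the go command: a proxy-side check keyed on a client-chosen header, next to one keyed on a server-issued credential, exercised with constructed requests. The header name `X-Go-Target-Module`, the sample secret, and the choice of HTTP Basic credentials as the authentication mechanism are assumptions.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Both values are assumptions: the issue names no header, and the secret is a constructed sample.
const targetHeader, secret = "X-Go-Target-Module", "constructed-sample-secret"

// Constructed allowlist using the three importer modules named in the thread.
var allowed = map[string]bool{
	"github.com/bcmills/client": true,
	"github.com/other/client":   true,
	"gopkg.in/secret-client":    true,
}

// headerAllowed is the proposed check: it trusts a value the client chooses.
func headerAllowed(r *http.Request) bool { return allowed[r.Header.Get(targetHeader)] }

// credentialAllowed requires a secret issued by the proxy operator, compared in constant time.
func credentialAllowed(r *http.Request) bool {
	_, pass, ok := r.BasicAuth()
	return ok && subtle.ConstantTimeCompare([]byte(pass), []byte(secret)) == 1
}

// status serves one constructed module-list request through check and returns the HTTP status.
func status(check func(*http.Request) bool, header, pass string) int {
	req := httptest.NewRequest("GET", "/github.com/marwan/secret/@v/list", nil)
	req.Header.Set(targetHeader, header)
	req.SetBasicAuth("go", pass)
	rec := httptest.NewRecorder()
	http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !check(r) {
			http.Error(w, "forbidden", http.StatusForbidden)
		}
	}).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status(headerAllowed, "gopkg.in/secret-client", ""))     // 200: header alone is accepted
	fmt.Println(status(credentialAllowed, "gopkg.in/secret-client", "")) // 403: header does not help
	fmt.Println(status(credentialAllowed, "", secret))                   // 200: credential is accepted
}
```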