Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
net/http: StripPrefix regression from fix for #30165 #31622
The fix for #30165 breaks code relying on the stripped prefix to elide a leading
I raise this only because I have a test that ensures a response cannot change; that test failed on tip.
What did you do?
What did you expect to see?
What did you see instead?
Does this issue reproduce with the latest release (go1.12.4)?
No, tip only.
I suspect this is an unfortunate but intended consequence of fixing #30165. Code relying on that should be updated not to rely on it. That is, instead of:
http.Handle("/foo/", http.StripPrefix("/foo/", h))
It makes more sense to me to be writing:
http.Handle("/foo/", http.StripPrefix("/foo", h))
That leads to a more consistent behavior. Handlers almost always receive absolute request paths, and trying to handle or support paths that don't begin with a "/" is often going to be problematic or impossible.
But I'll let Brad see if anything else can/should be done. /cc @bradfitz
I agree it's a consequence, but it it is misleading to start with a cleaned path, strip a known prefix, and end up with a result where the full prefix was not stripped. Handlers that are coded to only be behind StripPrefix now have to also know that maybe a slash is not stripped, even if requested.
The original problem exists because the file server is relying on r.URL.Path to be non-empty; the fix should be to check that it is non-empty before indexing into the path. The original code should also likely just be using FileServer.
A decision hasn't been made, and I agree it needs to be made by 1.13. Adding release-blocker label to make a decision on how to proceed here (to roll back the original fix, find a solution that keeps the original fix without introducing this regression, or to document the change in behavior).
The change in CL 161738 unconditionally cleans the path, but to fix the original issue #30165, it would be sufficient to take action only when the post-strip path is the empty string. Cleaning the entire path in seems like it might be too large of a behavior change to make for
I think a safe thing to do here would be to roll back the CL and apply a more targeted fix (perhaps for 1.14).
In the past, poor interaction between
By now, the bar for changing
We'll roll back the original CL, reopen #30165, and try again.