New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oauth/requestheaders: escape semicolon in URI #26596
Conversation
There's an errant semicolon in one of the test cases in oauth/requestheaders.go. Prior to 1.17, go handled this behavior and treated it like a &. However, go's behavior has changed in 1.17[1]: The net/url and net/http packages used to accept ";" (semicolon) as a setting separator in URL queries, in addition to "&" (ampersand). Now, settings with non-percent-encoded semicolons are rejected and net/http servers will log a warning to Server.ErrorLog when encountering one in a request URL. For example, before Go 1.17 the Query method of the URL example?a=1;b=2&c=3 would have returned map[a:[1] b:[2] c:[3]], while now it returns map[c:[3]]. In go 1.17, the request is now parsed differently so the server returns 400 (bad request). [1] https://golang.org/doc/go1.17#semicolons
/assign @stlaz |
@stbenjam: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Serial failed, but not on that test, so that's something /test e2e-aws-serial |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: stbenjam, stlaz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest-required |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest-required Please review the full test history for this PR and help us cut down flakes. |
There's an errant semicolon in one of the test cases in
oauth/requestheaders.go. Prior to 1.17, go handled this behavior and
treated it like a &. However, go's behavior has changed in 1.17[1]:
In go 1.17, the request is now parsed differently so the server returns
400 (bad request).
[1] https://golang.org/doc/go1.17#semicolons