]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: c92adf4) | patch
[release-branch.go1.15] net/http/httputil: always remove hop-by-hop headers
authorFilippo Valsorda <filippo@golang.org>
Fri, 21 May 2021 18:02:30 +0000 (14:02 -0400)
committerKatie Hockman <katie@golang.org>
Fri, 28 May 2021 14:38:20 +0000 (14:38 +0000)
commitcbd1ca84453fecf3825a6bb9f985823e8bc32b76
tree91b520217f6b3f7d87e9f07c626795c4a79bb532tree
parentc92adf420a3d9a5510f9aea382d826f0c9216a10commit | diff
[release-branch.go1.15] net/http/httputil: always remove hop-by-hop headers

Previously, we'd fail to remove the Connection header from a request
like this:

    Connection:
    Connection: x-header

Updates #46313
Fixes #46314
Fixes CVE-2021-33197

Change-Id: Ie3009e926ceecfa86dfa6bcc6fe14ff01086be7d
Reviewed-on: https://go-review.googlesource.com/c/go/+/321929
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-on: https://go-review.googlesource.com/c/go/+/323091
Run-TryBot: Katie Hockman <katie@golang.org>
src/net/http/httputil/reverseproxy.go diff | blob | history
src/net/http/httputil/reverseproxy_test.go diff | blob | history
Go GOST TLS 1.3