// requests and handle them via the Handler interface. ReadRequest
// only supports HTTP/1.x requests. For HTTP/2, use golang.org/x/net/http2.
func ReadRequest(b *bufio.Reader) (*Request, error) {
- return readRequest(b, deleteHostHeader)
-}
+ req, err := readRequest(b)
+ if err != nil {
+ return nil, err
+ }
-// Constants for readRequest's deleteHostHeader parameter.
-const (
- deleteHostHeader = true
- keepHostHeader = false
-)
+ delete(req.Header, "Host")
+ return req, err
+}
-func readRequest(b *bufio.Reader, deleteHostHeader bool) (req *Request, err error) {
+func readRequest(b *bufio.Reader) (req *Request, err error) {
tp := newTextprotoReader(b)
req = new(Request)
return nil, err
}
req.Header = Header(mimeHeader)
+ if len(req.Header["Host"]) > 1 {
+ return nil, fmt.Errorf("too many Host headers")
+ }
// RFC 7230, section 5.3: Must treat
// GET /index.html HTTP/1.1
if req.Host == "" {
req.Host = req.Header.get("Host")
}
- if deleteHostHeader {
- delete(req.Header, "Host")
- }
fixPragmaCacheControl(req.Header)
in: "HEAD / HTTP/1.1\r\nContent-Length:0\r\nContent-Length: 0\r\n\r\n",
header: Header{"Content-Length": {"0"}},
},
+ 11: {
+ in: "HEAD / HTTP/1.1\r\nHost: foo\r\nHost: bar\r\n\r\n\r\n\r\n",
+ err: "too many Host headers",
+ },
}
func TestReadRequestErrors(t *testing.T) {
peek, _ := c.bufr.Peek(4) // ReadRequest will get err below
c.bufr.Discard(numLeadingCRorLF(peek))
}
- req, err := readRequest(c.bufr, keepHostHeader)
+ req, err := readRequest(c.bufr)
if err != nil {
if c.r.hitReadLimit() {
return nil, errTooLarge
if req.ProtoAtLeast(1, 1) && (!haveHost || len(hosts) == 0) && !isH2Upgrade && req.Method != "CONNECT" {
return nil, badRequestError("missing required Host header")
}
- if len(hosts) > 1 {
- return nil, badRequestError("too many Host headers")
- }
if len(hosts) == 1 && !httpguts.ValidHostHeader(hosts[0]) {
return nil, badRequestError("malformed Host header")
}