From: Julien Cretel Date: Mon, 23 Jun 2025 16:19:19 +0000 (+0000) Subject: net/http: reduce allocs in CrossOriginProtection.Check X-Git-Tag: go1.25rc2~2^2~34 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=fcb9850859;p=gostls13.git net/http: reduce allocs in CrossOriginProtection.Check Rather than repeatedly creating error values on CrossOriginProtection.Check's unhappy paths, return non-exported and effectively constant error variables. For #73626. Change-Id: Ibaa036c29417071b3601b8d200ab0902359d1bb9 GitHub-Last-Rev: e704d63cd63665845d544796e802134ea608e217 GitHub-Pull-Request: golang/go#74251 Reviewed-on: https://go-review.googlesource.com/c/go/+/681178 Reviewed-by: Sean Liao Reviewed-by: qiu laidongfeng2 <2645477756@qq.com> Reviewed-by: Junyang Shao LUCI-TryBot-Result: Go LUCI Reviewed-by: Dmitri Shuralyov --- diff --git a/src/net/http/csrf.go b/src/net/http/csrf.go index 8812a508ae..5e1b686fd1 100644 --- a/src/net/http/csrf.go +++ b/src/net/http/csrf.go @@ -136,7 +136,7 @@ func (c *CrossOriginProtection) Check(req *Request) error { if c.isRequestExempt(req) { return nil } - return errors.New("cross-origin request detected from Sec-Fetch-Site header") + return errCrossOriginRequest } origin := req.Header.Get("Origin") @@ -159,10 +159,15 @@ func (c *CrossOriginProtection) Check(req *Request) error { if c.isRequestExempt(req) { return nil } - return errors.New("cross-origin request detected, and/or browser is out of date: " + - "Sec-Fetch-Site is missing, and Origin does not match Host") + return errCrossOriginRequestFromOldBrowser } +var ( + errCrossOriginRequest = errors.New("cross-origin request detected from Sec-Fetch-Site header") + errCrossOriginRequestFromOldBrowser = errors.New("cross-origin request detected, and/or browser is out of date: " + + "Sec-Fetch-Site is missing, and Origin does not match Host") +) + // isRequestExempt checks the bypasses which require taking a lock, and should // be deferred until the last moment. func (c *CrossOriginProtection) isRequestExempt(req *Request) bool {