]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: 9bc5268) | patch
net/http/httputil: always remove hop-by-hop headers
authorFilippo Valsorda <filippo@golang.org>
Fri, 21 May 2021 18:02:30 +0000 (14:02 -0400)
committerFilippo Valsorda <filippo@golang.org>
Thu, 27 May 2021 15:00:58 +0000 (15:00 +0000)
commit950fa11c4cb01a145bb07eeb167d90a1846061b3
treefd1f694cc31ac4dbc37847dcaff2d4819533dba4tree
parent9bc52686da81b515cf3ad654dfb1a536fabceafacommit | diff
net/http/httputil: always remove hop-by-hop headers

Previously, we'd fail to remove the Connection header from a request
like this:

    Connection:
    Connection: x-header

Fixes #46313
Fixes CVE-2021-33197

Change-Id: Ie3009e926ceecfa86dfa6bcc6fe14ff01086be7d
Reviewed-on: https://go-review.googlesource.com/c/go/+/321929
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
src/net/http/httputil/reverseproxy.go diff | blob | history
src/net/http/httputil/reverseproxy_test.go diff | blob | history
Go GOST TLS 1.3