commit | bb54a855a9b5733569f40ac19a2c338b87c23d14 | [log] [tgz] |
---|---|---|
author | Andrew Gerrand <adg@golang.org> | Wed May 13 10:39:11 2020 +1000 |
committer | Andrew Gerrand <adg@golang.org> | Tue Aug 25 06:01:11 2020 +0000 |
tree | d49eb41dc40d01f1e4e71c04d7e78fce54ba8111 | |
parent | b3d9cf7a07518020c6ec5032474aafef9345cdd5 [diff] |
net/http: handle Request.URL.RawPath in StripPrefix The StripPrefix wrapper strips a prefix string from the request's URL.Path field, but doesn't touch the RawPath field. This leads to the confusing situation when StripPrefix handles a request with URL.RawPath populated (due to some escaped characters in the request path) and the wrapped request's RawPath contains the prefix but Path does not. This change modifies StripPrefix to strip the prefix from both Path and RawPath. If there are escaped characters in the prefix part of the request URL the stripped handler serves a 404 instead of invoking the underlying handler with a mismatched Path/RawPath pair. This is a backward incompatible change for a very small minority of requests; I would be surprised if anyone is depending on this behavior, but it is possible. If that's the case, we could make a more conservative change where the RawPath is trimmed if possible, but when the prefix contains escaped characters then we don't 404 but rather send through the invalid Path/RawPath pair as before. Fixes #24366 Change-Id: I7030b8c183a3dfce307bc0272bba9a18df4cfe08 Reviewed-on: https://go-review.googlesource.com/c/go/+/233637 Run-TryBot: Emmanuel Odeke <emm.odeke@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Emmanuel Odeke <emm.odeke@gmail.com> Reviewed-by: Bryan C. Mills <bcmills@google.com>
Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.
Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.
Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.
Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.
Official binary distributions are available at https://golang.org/dl/.
After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.
If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.
Go is the work of thousands of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html
Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.