summaryrefslogtreecommitdiff
path: root/src/net/http/export_test.go
Commit message (Collapse)AuthorAgeFilesLines
* net/http: fix authentication info leakage in Referer header (potential ↵Jens Frederich2014-10-071-0/+5
| | | | | | | | | | | | | | | | | | | | | | security risk) http.Client calls URL.String() to fill in the Referer header, which may contain authentication info. This patch removes authentication info from the Referer header without introducing any API changes. A new test for net/http is also provided. This is the polished version of Alberto García Hierro's https://golang.org/cl/9766046/ It should handle https Referer right. Fixes #8417 LGTM=bradfitz R=golang-codereviews, gobot, bradfitz, mikioh.mikioh CC=golang-codereviews https://golang.org/cl/151430043
* net/http: make Transport.CloseIdleConnections also close pending dialsBrad Fitzpatrick2014-09-291-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | See comment 4 of https://code.google.com/p/go/issues/detail?id=8483#c4: "So if a user creates a http.Client, issues a bunch of requests and then wants to shutdown it and all opened connections; what is she intended to do? The report suggests that just waiting for all pending requests and calling CloseIdleConnections won't do, as there can be new racing connections. Obviously she can't do what you've done in the test, as it uses the unexported function. If this happens periodically, it can lead to serious resource leaks (the transport is also preserved alive). Am I missing something?" This CL tracks the user's intention to close all idle connections (CloseIdleConnections sets it true; and making a new request sets it false). If a pending dial finishes and nobody wants it, before it's retained for a future caller, the "wantIdle" bool is checked and it's closed if the user has called CloseIdleConnections without a later call to make a new request. Fixes #8483 LGTM=adg R=golang-codereviews, dvyukov, adg CC=golang-codereviews, rsc https://golang.org/cl/148970043
* net/http: check for CloseWrite interface, not TCPConn implementationBrad Fitzpatrick2014-09-241-0/+4
| | | | | | | | | Fixes #8724 LGTM=adg R=adg CC=golang-codereviews https://golang.org/cl/148040043
* net/http: support https_proxy in ProxyFromEnvironmentBrad Fitzpatrick2014-09-241-0/+1
| | | | | | | | | Fixes #6181 LGTM=adg R=adg CC=golang-codereviews https://golang.org/cl/148980043
* build: move package sources from src/pkg to srcRuss Cox2014-09-081-0/+78
Preparation was in CL 134570043. This CL contains only the effect of 'hg mv src/pkg/* src'. For more about the move, see golang.org/s/go14nopkg.
View Lorry Controller Status