Commit daa7c607 authored by Sina Siadat's avatar Sina Siadat Committed by Brad Fitzpatrick

net/http/httputil: remove custom hop-by-hop headers from response in ReverseProxy

Hop-by-hop headers (explicitly mentioned in RFC 2616) were already
removed from the response. This removes the custom hop-by-hop
headers listed in the "Connection" header of the response.

Updates #16875

Change-Id: I6b8f261d38b8d72040722f3ded29755ef0303427
Reviewed-on: https://go-review.googlesource.com/28810Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
parent ed8f2079
......@@ -156,7 +156,7 @@ func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
// copied above) so we only copy it if necessary.
copiedHeaders := false
// Remove headers with the same name as the connection-tokens.
// Remove hop-by-hop headers listed in the "Connection" header.
// See RFC 2616, section 14.10.
if c := outreq.Header.Get("Connection"); c != "" {
for _, f := range strings.Split(c, ",") {
......@@ -202,6 +202,16 @@ func (p *ReverseProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
return
}
// Remove hop-by-hop headers listed in the
// "Connection" header of the response.
if c := res.Header.Get("Connection"); c != "" {
for _, f := range strings.Split(c, ",") {
if f = strings.TrimSpace(f); f != "" {
res.Header.Del(f)
}
}
}
for _, h := range hopHeaders {
res.Header.Del(h)
}
......
......@@ -148,6 +148,9 @@ func TestReverseProxyStripHeadersPresentInConnection(t *testing.T) {
if c := r.Header.Get("Upgrade"); c != "" {
t.Errorf("handler got header %q = %q; want empty", "Upgrade", c)
}
w.Header().Set("Connection", "Upgrade, "+fakeConnectionToken)
w.Header().Set("Upgrade", "should be deleted")
w.Header().Set(fakeConnectionToken, "should be deleted")
io.WriteString(w, backendResponse)
}))
defer backend.Close()
......@@ -180,6 +183,12 @@ func TestReverseProxyStripHeadersPresentInConnection(t *testing.T) {
if got, want := string(bodyBytes), backendResponse; got != want {
t.Errorf("got body %q; want %q", got, want)
}
if c := res.Header.Get("Upgrade"); c != "" {
t.Errorf("handler got header %q = %q; want empty", "Upgrade", c)
}
if c := res.Header.Get(fakeConnectionToken); c != "" {
t.Errorf("handler got header %q = %q; want empty", fakeConnectionToken, c)
}
}
func TestXForwardedFor(t *testing.T) {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment