diff options
author | Emmanuel Odeke <emm.odeke@gmail.com> | 2016-07-04 23:57:05 -0700 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2016-07-13 16:52:52 +0000 |
commit | 76da6491e802410bf84e122b8694bf01a6cf57cd (patch) | |
tree | 8ca59f5b1a4f9e16b356866cc56c57feb281cc45 | |
parent | 2fcb25e07b2549f607aa174ceab974f8732ea0f4 (diff) | |
download | go-76da6491e802410bf84e122b8694bf01a6cf57cd.tar.gz go-76da6491e802410bf84e122b8694bf01a6cf57cd.zip |
doc/go1.7.html: document that http.Server now enforces request versions
Document that the http.Server is now stricter about rejecting
requests with invalid HTTP versions, and also that it rejects plaintext
HTTP/2 requests, except for `PRI * HTTP/2.0` upgrade requests.
The relevant CL is https://golang.org/cl/24505.
Updates #15810.
Change-Id: Ibbace23e001b5e2eee053bd341de50f9b6d3fde8
Reviewed-on: https://go-review.googlesource.com/24731
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
-rw-r--r-- | doc/go1.7.html | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/go1.7.html b/doc/go1.7.html index 6605e4b366..d209a5ab0e 100644 --- a/doc/go1.7.html +++ b/doc/go1.7.html @@ -897,6 +897,13 @@ is set explicitly, following <a href="https://tools.ietf.org/html/rfc7230#sectio </p> <p> +The server implementation is now stricter about rejecting requests with invalid HTTP versions. +Invalid requests claiming to be HTTP/0.x are now rejected (HTTP/0.9 was never fully supported), +and plaintext HTTP/2 requests other than the "PRI * HTTP/2.0" upgrade request are now rejected as well. +The server continues to handle encrypted HTTP/2 requests. +</p> + +<p> In the server, a 200 status code is sent back by the timeout handler on an empty response body, instead of sending back 0 as the status code. </p> |