diff options
author | Brad Fitzpatrick <bradfitz@golang.org> | 2016-01-08 01:06:00 +0000 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2016-01-08 06:01:23 +0000 |
commit | 0421e78f0556f98d782cdcbad6eaa2612603acf9 (patch) | |
tree | 139eea99f4c68db184adeda926d9650554639cb8 /AUTHORS | |
parent | ee566d53adb075c63dc036adb96ba643478a1e00 (diff) | |
download | go-0421e78f0556f98d782cdcbad6eaa2612603acf9.tar.gz go-0421e78f0556f98d782cdcbad6eaa2612603acf9.zip |
net/http: fix too-strict validation of server header values
As Andy Balholm noted in #11207:
"RFC2616 §4.2 says that a header's field-content can consist of *TEXT,
and RFC2616 §2.2 says that TEXT is <any OCTET except CTLs, but
including LWS>, so that would mean that bytes greater than 128 are
allowed."
This is a partial rollback of the strictness from
https://golang.org/cl/11207 (added in the Go 1.6 dev cycle, only
released in Go 1.6beta1)
Fixes #11207
Change-Id: I3a752a7941de100e4803ff16a5d626d5cfec4f03
Reviewed-on: https://go-review.googlesource.com/18374
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Andrew Gerrand <adg@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'AUTHORS')
0 files changed, 0 insertions, 0 deletions