httputil: copy some headers over redirects #2896

Merged
merged 5 commits into from
Feb 23, 2017

@chipaca chipaca commented Feb 20, 2017

No description provided.

@niemeyer niemeyer left a comment

Just nitpicks:


func fixupHeadersForRedirect(req *http.Request, via []*http.Request) {
// preserve some headers across redirects
// to the CDN

This line merges well into the prior one. </nitpick>

"net/http"
)

func checkRedirect(req *http.Request, via []*http.Request) error {

Feels a bit small to be on its own file.

@zyga zyga left a comment

Looks good, I'm not an HTTP guru to review one bit but I highlighted that in the diff.

@@ -0,0 +1,37 @@
// +build !go1.8

Nice :-)

// (this is done automatically, slightly more cleanly, from 1.8)
for k, v := range via[0].Header {
switch http.CanonicalHeaderKey(k) {
case "Authorization", "Www-Authenticate", "Cookie", "Cookie2":

Cookie2?

It would be nice to know why some fields are here and some are not. I'm not an HTTP guru to check this.

for k, v := range via[0].Header {
switch http.CanonicalHeaderKey(k) {
case "Authorization", "Www-Authenticate", "Cookie", "Cookie2":
// whistle innocently
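
Review bot: the `case "Authorization", "Www-Authenticate", "Cookie", "Cookie2":` line is a denylist, so as far as these lines show, every other header found in `via[0].Header` is eligible to be copied onto the redirected request. A credential carried under any other name (for example `Proxy-Authorization` or a custom token header) would then follow the redirect. Consider copying only the headers the CDN actually needs, or replace `// whistle innocently` with a comment stating why these four names are the complete set that must be withheld.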

Given zyga's comment, maybe we can give a slightly more elaborate comment here :) ? Maybe something like // Do not copy authorisation headers across redirects to not leak them and whistle innocently

@mvo5 mvo5 left a comment

Nice, thank you!

// preserve some headers across redirects (needed for the CDN)
// (this is done automatically, slightly more cleanly, from 1.8)
for k, v := range via[0].Header {
switch http.CanonicalHeaderKey(k) {

Can we please use strings.ToLower here instead? There's no benefit in having the canonical representation here, and it's very error prone to have to type exactly what the method returns for us to not have a bug ("Www" below feels very tempting to replace by "WWW").
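
The failure mode raised in the comment above, as an added example that is not code from this pull request: the same skip list written against `http.CanonicalHeaderKey` with the tempting "WWW" spelling, next to the `strings.ToLower` form. The function names and the sample header values are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// skipCanonicalTypo keeps the canonical-key switch from the diff, but with the
// hand-typed "WWW-Authenticate" spelling that the review comment warns about.
func skipCanonicalTypo(name string) bool {
	switch http.CanonicalHeaderKey(name) { // yields "Www-Authenticate"
	case "Authorization", "WWW-Authenticate", "Cookie", "Cookie2":
		return true
	}
	return false
}

// skipLower is the suggested form: lower-case the key and compare it with
// names that are written in lower case, so no casing rule has to be remembered.
func skipLower(name string) bool {
	switch strings.ToLower(name) {
	case "authorization", "www-authenticate", "cookie", "cookie2":
		return true
	}
	return false
}

// forwarded copies the first request's headers onto a redirect request,
// omitting those that skip rejects, and returns the resulting header set.
func forwarded(skip func(string) bool) http.Header {
	first := http.Header{} // constructed sample headers of the original request
	first.Set("User-Agent", "example-client/1.0")
	first.Set("Authorization", "Bearer constructed-token")
	first.Set("WWW-Authenticate", "Basic realm=constructed")
	first.Set("Cookie", "session=constructed")
	redirect := http.Header{}
	for k, v := range first {
		if !skip(k) {
			redirect[k] = append([]string(nil), v...)
		}
	}
	return redirect
}

func main() { fmt.Println(forwarded(skipCanonicalTypo), forwarded(skipLower)) }
```

With the mistyped case the `Www-Authenticate` header is forwarded alongside `User-Agent` and nothing fails at compile time; the lower-case comparison forwards only `User-Agent`.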

@niemeyer niemeyer changed the title from "Headers over redirects" to "httputil: copy some headers over redirects" Feb 23, 2017
@chipaca chipaca force-pushed the headers-over-redirects branch from 66052e2 to 5da72b1 Compare February 23, 2017 13:16
@niemeyer niemeyer left a comment

Thank you!

@niemeyer niemeyer merged commit 4c73f77 into canonical:master Feb 23, 2017
@chipaca chipaca deleted the headers-over-redirects branch September 4, 2017 18:26