Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
* Prevent request smuggling
Prevent request smuggling when fasthttp is behind a reverse proxy that
might interprets headers differently by being stricter. Should also
prevent request smuggling when fasthttp is used as the reverse proxy.
* Make header value comparison case-insensitive
|
|
Require that HTTP versions match the following pattern: HTTP/[0-9]\.[0-9]
|
|
This is required for https://github.com/google/oss-fuzz/pull/11453
|
|
|
|
* feat: add function to parse HTTP header parameters
The implementation is based on RFC-9110 5.6.6.
* test: add fuzz for VisitHeaderParams
|
|
|
|
|
|
|
|
* Auto add 'Vary' header after compression
Add config `SetAddVaryHeaderForCompression` to enable
'Vary: Accept-Encoding' header when compression is used.
* feat: always set the Vary header
* create and use `ResponseHeader.AddVaryBytes`
* not export 'AddVaryBytes'
|
|
|
|
* add DisableSpecialHeaders option
* polishing up disableSpecialHeader option
* forgot to uncomment
* fix silly mistakes
* dont parse special headers
|
|
|
|
|
|
|
|
- Replace https://godoc.org with https://pkg.go.dev.
- Replace https://golang.org with https://go.dev.
- Replace https://golang.org/pkg with https://pkg.go.dev.
- Replace https://blog.golang.org with https://go.dev/blog.
- Use https://pkg.go.dev/golang.org/x/net/http2 instead of non-existing https://http2.golang.org/.
- Remove trailing slashes.
|
|
|
|
This reverts commit a468a7dd3734d9866ef6ab8ee1e36695f5c3b09c.
|
|
* feat: support mulit/range
* fix:
1. lint code
2. add SetByteRanges method
* fix: reduce the test number of testFSSingleByteRange
|
|
* feat: add PeekKeys and PeekTrailerKeys
* Improve warning
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
|
|
|
|
|
|
Don't run requests in a separate Goroutine anymore. Instead use proper
conn deadlines to enforce timeouts.
- Also contains some linting fixes.
|
|
Header.SetCanonical() (#1311)
* Response.ContentEncoding(): store as field
The CE is not so often used for plain APIs responses and even not so often used for static files and on the fly compression.
But still it should be checked each time.
Also having a dedicated field getter and setter simplifies code
* header.go Use shorter Response.setNonSpecial() and Request.setNonSpecial() methods instead of SetCanonical()
The change should improve performance because the setSpecialHeader() call is omitted.
As a downside on adding a new basic header field all putHeader() must be replaced with a direct getter and setter.
|
|
Mostly in tests.
|
|
|
|
* Add trailer support
* fix issue and add documentation
* remove redundant code
* add error return for add/set trailer method
* fix lint error
* fix bad trailer error return issue and update bad content-length error
* update errNonNumericChars
* update errNonNumericChars
* fix issue about error and fix typo
|
|
* Adding zero-allocation uint64 to byte slice conversion and fixing the ResponseHeader.SetStatusLine function call signature
* Removing unnecessary i2b function
* Fixing various bugs
* Adding test cases
* Commenting AppendStatusLine
* Update status.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Cleaning up references to strHTTP11, using formatStatusLine for invalidStatusLine, and making `appendStatusLine` an unexported function
Issue: https://github.com/valyala/fasthttp/issues/1132
* Fixing merge conflicts
Issue: https://github.com/valyala/fasthttp/issues/1132
* Replacing []byte{} with nil in some test cases
Issue: https://github.com/valyala/fasthttp/issues/1132
* Cleaning up parsing first line, and improving StatusMessage function
Issue: https://github.com/valyala/fasthttp/issues/1132
* Fixing as per PR
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Fixing as per requested changes
* Update header_test.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
|
|
* SetStatusMessage
* Docstring
* statusLine in header
* Use statusLine as []byte + ResponseHeader parsing
* status line getter
|
|
|
|
|
|
These functions should take the headers that are handled differently
into account.
|
|
|
|
Co-authored-by: liuchenxing <liuchenxing@bytedance.com>
|
|
Co-authored-by: Daniel Firsht <firsht@amazon.com>
|
|
* fix gracefilly shutdown bug, issue #958
* fix golangci-lint
* add option: CloseOnShutdown into Sever
* Update server.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update server.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Co-authored-by: fujianhao3 <fujianhao3@jd.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
|
|
(#859)
* Add api DisableNoDefaultContentType to disable add default contentype if no Content-Type header.
* Update test case.
* Update api name.
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
|
|
|
|
`Date` header (#758)
|
|
|
|
- Replace tabs with spaces at line starts to match net/http
- Don't allow multi line header names. See: https://github.com/golang/go/issues/34702
|
|
(#123) (#688)
|
|
This means we can't skip parsing headers for GET requests anymore. This
can be seen as good as it also allows us to reject malformed GET
requests, something we didn't do before this. Performance also isn't
affect much:
benchmark old ns/op new ns/op delta
BenchmarkClientGetEndToEnd1Inmemory-16 640 641 +0.16%
BenchmarkClientGetEndToEnd10Inmemory-16 713 710 -0.42%
BenchmarkClientGetEndToEnd100Inmemory-16 732 749 +2.32%
BenchmarkClientGetEndToEnd1000Inmemory-16 759 774 +1.98%
BenchmarkClientGetEndToEnd10KInmemory-16 785 808 +2.93%
BenchmarkNetHTTPClientGetEndToEnd1Inmemory-16 5045 4954 -1.80%
BenchmarkNetHTTPClientGetEndToEnd10Inmemory-16 5806 6225 +7.22%
BenchmarkNetHTTPClientGetEndToEnd100Inmemory-16 7877 7998 +1.54%
BenchmarkNetHTTPClientGetEndToEnd1000Inmemory-16 16603 16559 -0.27%
|
|
|
|
* format errors
* Server is a type name
* Fix typo
|
|
|
|
See: https://github.com/golang/go/commit/6e6f4aaf70c8b1cc81e65a26332aa9409de03ad8
Reject any non GET or HEAD requests with a 400.
We can't reject GET or HEAD requests with bad headers as we delay
parsing of these headers until the user asks for one. So in this case we
just ignore the header and don't return a value for it.
|
|
value (#628)
If `NoDefaultContentType` is set, but no actual `Content-Type` header is set, do not send the wrong `Content-Type: ` header
|