httpguts

package
v0.0.0-...-edbed3e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2024 License: MIT, BSD-3-Clause Imports: 5 Imported by: 0

Documentation

Overview

Package httpguts provides functions implementing various details of the HTTP specification.

This package is shared by the standard library (which vendors it) and x/net/http2. It comes with no API stability promise.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HeaderValuesContainsToken

func HeaderValuesContainsToken(values []string, token string) bool

HeaderValuesContainsToken reports whether any string in values contains the provided token, ASCII case-insensitively.

func IsTokenRune

func IsTokenRune(r rune) bool

func PunycodeHostPort

func PunycodeHostPort(v string) (string, error)

PunycodeHostPort returns the IDNA Punycode version of the provided "host" or "host:port" string.

func ValidHeaderFieldName

func ValidHeaderFieldName(v string) bool

ValidHeaderFieldName reports whether v is a valid HTTP/1.x header name. HTTP/2 imposes the additional restriction that uppercase ASCII letters are not allowed.

RFC 7230 says:

header-field   = field-name ":" OWS field-value OWS
field-name     = token
token          = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
        "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA

func ValidHeaderFieldValue

func ValidHeaderFieldValue(v string) bool

ValidHeaderFieldValue reports whether v is a valid "field-value" according to http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 :

message-header = field-name ":" [ field-value ]
field-value    = *( field-content | LWS )
field-content  = <the OCTETs making up the field-value
                 and consisting of either *TEXT or combinations
                 of token, separators, and quoted-string>

http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 :

TEXT           = <any OCTET except CTLs,
                  but including LWS>
LWS            = [CRLF] 1*( SP | HT )
CTL            = <any US-ASCII control character
                 (octets 0 - 31) and DEL (127)>

RFC 7230 says:

field-value    = *( field-content / obs-fold )
obj-fold       =  N/A to http2, and deprecated
field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
field-vchar    = VCHAR / obs-text
obs-text       = %x80-FF
VCHAR          = "any visible [USASCII] character"

http2 further says: "Similarly, HTTP/2 allows header field values that are not valid. While most of the values that can be encoded will not alter header field parsing, carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0) might be exploited by an attacker if they are translated verbatim. Any request or response that contains a character not permitted in a header field value MUST be treated as malformed (Section 8.1.2.6). Valid characters are defined by the field-content ABNF rule in Section 3.2 of [RFC7230]."

This function does not (yet?) properly handle the rejection of strings that begin or end with SP or HTAB.

func ValidHostHeader

func ValidHostHeader(h string) bool

ValidHostHeader reports whether h is a valid host header.

func ValidTrailerHeader

func ValidTrailerHeader(name string) bool

ValidTrailerHeader reports whether name is a valid header field name to appear in trailers. See RFC 7230, Section 4.1.2

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL