In some places of the HTTP transport errors were constructed that
wrapped other errors without p...

The ResponseController type provides a discoverable interface
to optional methods implemented by...

We don't seem to have tests verifying that handler reads from the
request body or writes to the ...

Fixes #54299

Change-Id: I3a29527bde7ac71f3824e771982db4257234e9ef
Reviewed-on: https://go-revie...

Change-Id: I163ea3a770f2228f67d4fb1374653566e64b91f7
Reviewed-on: https://go-review.googlesource...

Return an error when parsing a MIME header containing bytes in the
key or value outside the set ...

Remove redundant code at line 365, `oldCtx := req.Context()`, because it's the same as line 349...

Change-Id: I871a747b4b47bccc889f2fdc93a2bcebb041b719
Reviewed-on: https://go-review.googlesource...

Fixes #54794

Change-Id: I6f2b7b86b82ea27b9d53cf989daa21cb8ace13da
Reviewed-on: https://go-revie...

The test sleeps for 1 millisecond to give the cancellation a moment
to take effect. This is flak...

To pick up CL 443575.

Note: This CL also update other x repositories because CL 444536 updates
...

We started running this test under HTTP/2 in a recent refactoring.
It seems to be flaky for HTTP...

Skip TestTransportPersistConnLeakShortBody in HTTP/2 mode;
it's flaky and was previously HTTP/1-...

Replace the ad-hoc approach to running tests in HTTP/1 and HTTP/2
modes with a 'run' function th...

Change-Id: I0b7b6e4e9d2539e4fcb5c08430ba5a74733fad3c
Reviewed-on: https://go-review.googlesource...

Change-Id: Icfa3fd519df48f8d7d7aa3795535fd7e6aaa159f
Reviewed-on: https://go-review.googlesource...

Change-Id: I4730673130bdfbda9987dcb5869f421082f92150
Reviewed-on: https://go-review.googlesource...

Query parameter smuggling occurs when a proxy's interpretation
of query parameters differs from ...

Query parameter smuggling occurs when a proxy's interpretation
of query parameters differs from ...

Change-Id: I8b28aebbb9494b2c877139a4584a5a42253e3bea
GitHub-Last-Rev: e3703fd3a50b811785df757514...

Fixes #55835

Change-Id: I6109bab2941b859e8cfef22f65a6a3a5f977a8d7
Reviewed-on: https://go-revie...

Query parameter smuggling occurs when a proxy's interpretation
of query parameters differs from ...

These tests are flaky; add some additional logging in hopes
it will aid in debugging.

For #5337...

RFC 7231 permits HEAD requests to contain a body, although it does
state there are no defined se...

Pull in HTTP/2 fix needed for net/http test case.

f8f703f979 http2: accept HEAD requests with ...

Change-Id: I87526520b519554ea344288cc0f0940d7b182e21
Reviewed-on: https://go-review.googlesource...

TestReadRequest_Bad's tests for leading whitespace in the first header
were also exercising the ...

Return errors instead of calling t.Fatalf for timing-sensitive failure
modes. Scale the Sleep ca...

Remove a harmless but redundant section of code introduced
in CL 407214.

Change-Id: Id6522e6ff1...

Support for 1xx responses has recently been merged in
net/http (CL 269997).

As discussed in thi...

The changes improve the documentation for DefaultTransport, making
the style with how the HTTP p...

For #53821

Change-Id: I135783bd5472011f6a74d2f5ee34ce96ff49ad2b
GitHub-Last-Rev: 4da2d67ff3d194...

Restore vendoring after go1.18.6 security release.

For #53977

Change-Id: Ifff04582aa3d5fce4060...

Merge go1.18.6

See https://github.com/ooni/probe/issues/2256

Part of https://github.com/ooni/probe/issues/2256

Change-Id: I754edcf21e003a3f4037fb2c5d8d06f2cd5f2fa3
Reviewed-on: https://go-review.googlesource...

Pull in security fix:

f3363e06e7 http2: handle server errors after sending GOAWAY

Fixes CV...

For #40909
Fixes #54890

Change-Id: I00218bc1606eedb6194a3a7b81fd4d3f75325280
Reviewed-on: https...

Change-Id: I5d4c89a8d87a8697d038bf91b17d7ffc847a49c7
Reviewed-on: https://go-review.googlesource...

Change-Id: Ie5a8ae104970237e6e33e75cae807c436bcd08e9
Reviewed-on: https://go-review.googlesource...

Change-Id: I407d11b43349cd78b709deb7b0e774bd93922caa
Reviewed-on: https://go-review.googlesource...

Change-Id: Ifb51413894791154489bd1d4f529088958212c62
Reviewed-on: https://go-review.googlesource...

The triv.go example serves the entire contents of $HOME by default.
That seems bad, let's not do...

Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.

Fixes CVE-20...

Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.

Fixes CVE-20...

Consistently wait for idle connections to become readable before
starting the ReadHeaderTimeout ...

And add some documentation for the debug query param.

Fixes #27737
Fixes #53971

Change-Id: I62...

FileServer provides a read-only service. Methods other than GET or HEAD should
be denied with an...

Fixes #54408

Change-Id: I454199ae5bcd087b8fc4169b7622412105e71113
GitHub-Last-Rev: a33fe7e206d0...

Both FileServer and NewFileTransport can try to seek a file, specifically
when MIME type sniffin...

To make it easier to extract the HTTP/2 error code (if any) from
net/http errors, implement an A...

The https://golang.org/cl/43230 removed use of `getDoneChan`.

Change-Id: I33390c0e3aea6d9836736...

Fixes #54616.

Change-Id: I46f41bbccff7b49f26f60c1edf65acfd1701aed5
Reviewed-on: https://go-revi...

Change-Id: Id44f587199683fd8018865af1c2442f9f74e0dad
GitHub-Last-Rev: 35b1ab88677586c79918d363f2...

There is already a skip in case of a later failure in the same test on
these platforms. Skip the...

Part of https://github.com/ooni/probe/issues/2223

I'm reading the diff with respect to main and...

Part of https://github.com/ooni/probe/issues/2223

I forgot to change the entry before.

Spotted while working on https://github.com/ooni/probe/iss...

Merge go1.18.5 into the stable v0.2.x train

Part of https://github.com/ooni/probe/issues/2223

Following CL 424454, using command

rg --multiline " the\s{1,}the " *
rg --multiline " the...

chore: update submodules

Unfortunately ja3er.com is down, so the examples now are much
less useful than they were before ...

Merged go1.19 net/http sources

Part of https://github.com/ooni/probe/issues/2211.

This work is part of https://github.com/ooni/probe/issues/2211.

Conflicts:
clientserver_test.go
httptest/server_test.go
pprof/pprof.go
pprof/pprof_test.go

Request.Cookie(name string) will return the first cookie
when cookie name is "". Since readCooki...

Add a new Rewrite hook to ReverseProxy, superseding the Director hook.

Director does not distin...

WithContext makes a shallow copy of a Request, and Clone makes a
deep copy. Both set the context...

The value of Expires is only checked when a value is set.

This fixes the bug that a cookie with...

Fixes #41773

Change-Id: I432ad5410d5e3bb0aff3a6e0eea6906ab1b214e2
GitHub-Last-Rev: 57d1ee249dcd...

The HTTP/1 server deletes multipart form tempfiles after ServeHTTP
returns, but the HTTP/2 serve...

Two packages construct atomic booleans from atomic integers.
Replace these implementations with ...

When ReverseProxy forwards a request with no User-Agent header, leave
the header in the forwarde...

X-Forwarded-Host contains the original request's host.

X-Forwarded-Proto contains "http" or "ht...

The current implementation ignores cookies where the
cookie name starts or ends with a space. Fo...

The SERVER_NAME variable in the CGI environment should not
contain the port, according to the se...

Change-Id: Ia8c67d148fc7e71cac8954ccce6fffb8a6f423df
GitHub-Last-Rev: 9441b8f0c510a3a03dc22816e2...

Use the newly added atomic.Pointer[T] type for atomically
loading and storing type *T pointers. ...

CL 421334 updated most of golang.org/x dependencies at the start of
the Go 1.20 development cycl...

This short sentence was missing a period at the end, which caused it
to be interpreted as a head...

The existing documentation is unclear about header keys formatting.
The clarifying sentence is a...

ReverseProxy makes a distinction between nil and zero-length header values.
Avoid losing nil-nes...

Do not accept "Transfer-Encoding: \rchunked" as a valid TE header
setting chunked encoding.

Tha...

A MaxBytesReader returns a *MaxBytesError when reading beyond
its limit, not a MaxBytesError.

F...

Additional header to remove if set before calling http.ServeContent.

The API of ServeContent is...

Avoid race conditions when a new connection is accepted just after
Server.Close or Server.Shutdo...

Updates #43631

Change-Id: I0fe3aafdf7ef889fed1a830128721393f8d020e6
GitHub-Last-Rev: c359542d74...

ReverseProxy makes a distinction between nil and zero-length header values.
Avoid losing nil-nes...

Do not accept "Transfer-Encoding: \rchunked" as a valid TE header
setting chunked encoding.

Tha...

This documentation commit points to the latest RFC documenting HTTP codes

Change-Id: Ia76406646...

chore: prepare to merge go1.18.3