| blob | f5cdc3a4d34df3008ecffb806f82312b874f9ea8 |
1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // HTTP server. See RFC 7230 through 7235.
7 package http
10 "bufio"
11 "bytes"
12 "context"
13 "crypto/tls"
14 "errors"
15 "fmt"
16 "internal/godebug"
17 "io"
18 "log"
19 "math/rand"
20 "net"
21 "net/textproto"
22 "net/url"
23 urlpkg "net/url"
24 "path"
25 "runtime"
26 "sort"
27 "strconv"
28 "strings"
29 "sync"
30 "sync/atomic"
31 "time"
33 "golang.org/x/net/http/httpguts"
34 )
36 // Errors used by the HTTP server.
38 // ErrBodyNotAllowed is returned by ResponseWriter.Write calls
39 // when the HTTP method or response code does not permit a
40 // body.
41 ErrBodyNotAllowed = errors.New("http: request method or response status code does not allow body")
43 // ErrHijacked is returned by ResponseWriter.Write calls when
44 // the underlying connection has been hijacked using the
45 // Hijacker interface. A zero-byte write on a hijacked
46 // connection will return ErrHijacked without any other side
47 // effects.
50 // ErrContentLength is returned by ResponseWriter.Write calls
51 // when a Handler set a Content-Length response header with a
52 // declared size and then attempted to write more bytes than
53 // declared.
56 // Deprecated: ErrWriteAfterFlush is no longer returned by
57 // anything in the net/http package. Callers should not
58 // compare errors against this variable.
60 )
62 // A Handler responds to an HTTP request.
63 //
64 // ServeHTTP should write reply headers and data to the ResponseWriter
65 // and then return. Returning signals that the request is finished; it
66 // is not valid to use the ResponseWriter or read from the
67 // Request.Body after or concurrently with the completion of the
68 // ServeHTTP call.
69 //
70 // Depending on the HTTP client software, HTTP protocol version, and
71 // any intermediaries between the client and the Go server, it may not
72 // be possible to read from the Request.Body after writing to the
73 // ResponseWriter. Cautious handlers should read the Request.Body
74 // first, and then reply.
75 //
76 // Except for reading the body, handlers should not modify the
77 // provided Request.
78 //
79 // If ServeHTTP panics, the server (the caller of ServeHTTP) assumes
80 // that the effect of the panic was isolated to the active request.
81 // It recovers the panic, logs a stack trace to the server error log,
82 // and either closes the network connection or sends an HTTP/2
83 // RST_STREAM, depending on the HTTP protocol. To abort a handler so
84 // the client sees an interrupted response but the server doesn't log
85 // an error, panic with the value ErrAbortHandler.
88 }
90 // A ResponseWriter interface is used by an HTTP handler to
91 // construct an HTTP response.
92 //
93 // A ResponseWriter may not be used after the Handler.ServeHTTP method
94 // has returned.
96 // Header returns the header map that will be sent by
97 // WriteHeader. The Header map also is the mechanism with which
98 // Handlers can set HTTP trailers.
99 //
100 // Changing the header map after a call to WriteHeader (or
101 // Write) has no effect unless the modified headers are
102 // trailers.
103 //
104 // There are two ways to set Trailers. The preferred way is to
105 // predeclare in the headers which trailers you will later
106 // send by setting the "Trailer" header to the names of the
107 // trailer keys which will come later. In this case, those
108 // keys of the Header map are treated as if they were
109 // trailers. See the example. The second way, for trailer
110 // keys not known to the Handler until after the first Write,
111 // is to prefix the Header map keys with the TrailerPrefix
112 // constant value. See TrailerPrefix.
113 //
114 // To suppress automatic response headers (such as "Date"), set
115 // their value to nil.
118 // Write writes the data to the connection as part of an HTTP reply.
119 //
120 // If WriteHeader has not yet been called, Write calls
121 // WriteHeader(http.StatusOK) before writing the data. If the Header
122 // does not contain a Content-Type line, Write adds a Content-Type set
123 // to the result of passing the initial 512 bytes of written data to
124 // DetectContentType. Additionally, if the total size of all written
125 // data is under a few KB and there are no Flush calls, the
126 // Content-Length header is added automatically.
127 //
128 // Depending on the HTTP protocol version and the client, calling
129 // Write or WriteHeader may prevent future reads on the
130 // Request.Body. For HTTP/1.x requests, handlers should read any
131 // needed request body data before writing the response. Once the
132 // headers have been flushed (due to either an explicit Flusher.Flush
133 // call or writing enough data to trigger a flush), the request body
134 // may be unavailable. For HTTP/2 requests, the Go HTTP server permits
135 // handlers to continue to read the request body while concurrently
136 // writing the response. However, such behavior may not be supported
137 // by all HTTP/2 clients. Handlers should read before writing if
138 // possible to maximize compatibility.
141 // WriteHeader sends an HTTP response header with the provided
142 // status code.
143 //
144 // If WriteHeader is not called explicitly, the first call to Write
145 // will trigger an implicit WriteHeader(http.StatusOK).
146 // Thus explicit calls to WriteHeader are mainly used to
147 // send error codes.
148 //
149 // The provided code must be a valid HTTP 1xx-5xx status code.
150 // Only one header may be written. Go does not currently
151 // support sending user-defined 1xx informational headers,
152 // with the exception of 100-continue response header that the
153 // Server sends automatically when the Request.Body is read.
155 }
157 // The Flusher interface is implemented by ResponseWriters that allow
158 // an HTTP handler to flush buffered data to the client.
159 //
160 // The default HTTP/1.x and HTTP/2 ResponseWriter implementations
161 // support Flusher, but ResponseWriter wrappers may not. Handlers
162 // should always test for this ability at runtime.
163 //
164 // Note that even for ResponseWriters that support Flush,
165 // if the client is connected through an HTTP proxy,
166 // the buffered data may not reach the client until the response
167 // completes.
169 // Flush sends any buffered data to the client.
171 }
173 // The Hijacker interface is implemented by ResponseWriters that allow
174 // an HTTP handler to take over the connection.
175 //
176 // The default ResponseWriter for HTTP/1.x connections supports
177 // Hijacker, but HTTP/2 connections intentionally do not.
178 // ResponseWriter wrappers may also not support Hijacker. Handlers
179 // should always test for this ability at runtime.
181 // Hijack lets the caller take over the connection.
182 // After a call to Hijack the HTTP server library
183 // will not do anything else with the connection.
184 //
185 // It becomes the caller's responsibility to manage
186 // and close the connection.
187 //
188 // The returned net.Conn may have read or write deadlines
189 // already set, depending on the configuration of the
190 // Server. It is the caller's responsibility to set
191 // or clear those deadlines as needed.
192 //
193 // The returned bufio.Reader may contain unprocessed buffered
194 // data from the client.
195 //
196 // After a call to Hijack, the original Request.Body must not
197 // be used. The original Request's Context remains valid and
198 // is not canceled until the Request's ServeHTTP method
199 // returns.
201 }
203 // The CloseNotifier interface is implemented by ResponseWriters which
204 // allow detecting when the underlying connection has gone away.
205 //
206 // This mechanism can be used to cancel long operations on the server
207 // if the client has disconnected before the response is ready.
208 //
209 // Deprecated: the CloseNotifier interface predates Go's context package.
210 // New code should use Request.Context instead.
212 // CloseNotify returns a channel that receives at most a
213 // single value (true) when the client connection has gone
214 // away.
215 //
216 // CloseNotify may wait to notify until Request.Body has been
217 // fully read.
218 //
219 // After the Handler has returned, there is no guarantee
220 // that the channel receives a value.
221 //
222 // If the protocol is HTTP/1.1 and CloseNotify is called while
223 // processing an idempotent request (such a GET) while
224 // HTTP/1.1 pipelining is in use, the arrival of a subsequent
225 // pipelined request may cause a value to be sent on the
226 // returned channel. In practice HTTP/1.1 pipelining is not
227 // enabled in browsers and not seen often in the wild. If this
228 // is a problem, use HTTP/2 or only use CloseNotify on methods
229 // such as POST.
231 }
234 // ServerContextKey is a context key. It can be used in HTTP
235 // handlers with Context.Value to access the server that
236 // started the handler. The associated value will be of
237 // type *Server.
240 // LocalAddrContextKey is a context key. It can be used in
241 // HTTP handlers with Context.Value to access the local
242 // address the connection arrived on.
243 // The associated value will be of type net.Addr.
245 )
247 // A conn represents the server side of an HTTP connection.
249 // server is the server on which the connection arrived.
250 // Immutable; never nil.
251 server *Server
253 // cancelCtx cancels the connection-level context.
254 cancelCtx context.CancelFunc
256 // rwc is the underlying network connection.
257 // This is never wrapped by other types and is the value given out
258 // to CloseNotifier callers. It is usually of type *net.TCPConn or
259 // *tls.Conn.
260 rwc net.Conn
262 // remoteAddr is rwc.RemoteAddr().String(). It is not populated synchronously
263 // inside the Listener's Accept goroutine, as some implementations block.
264 // It is populated immediately inside the (*conn).serve goroutine.
265 // This is the value of a Handler's (*Request).RemoteAddr.
266 remoteAddr string
268 // tlsState is the TLS connection state when using TLS.
269 // nil means not TLS.
272 // werr is set to the first write error to rwc.
273 // It is set via checkConnErrorWriter{w}, where bufw writes.
274 werr error
276 // r is bufr's read source. It's a wrapper around rwc that provides
277 // io.LimitedReader-style limiting (while reading request headers)
278 // and functionality to support CloseNotifier. See *connReader docs.
279 r *connReader
281 // bufr reads from r.
284 // bufw writes to checkConnErrorWriter{c}, which populates werr on error.
287 // lastMethod is the method of the most recent request
288 // on this connection, if any.
289 lastMethod string
295 // mu guards hijackedv
296 mu sync.Mutex
298 // hijackedv is whether this connection has been hijacked
299 // by a Handler with the Hijacker interface.
300 // It is guarded by mu.
301 hijackedv bool
302 }
308 }
310 // c.mu must be held.
314 }
325 }
326 }
328 return
329 }
331 // This should be >= 512 bytes for DetectContentType,
332 // but otherwise it's somewhat arbitrary.
335 // chunkWriter writes to a response's conn buffer, and is the writer
336 // wrapped by the response.w buffered writer.
337 //
338 // chunkWriter also is responsible for finalizing the Header, including
339 // conditionally setting the Content-Type and setting a Content-Length
340 // in cases where the handler's final output is smaller than the buffer
341 // size. It also conditionally adds chunk headers, when in chunking mode.
342 //
343 // See the comment above (*response).Write for the entire write flow.
345 res *response
347 // header is either nil or a deep clone of res.handlerHeader
348 // at the time of res.writeHeader, if res.writeHeader is
349 // called and extra buffering is being done to calculate
350 // Content-Type and/or Content-Length.
351 header Header
353 // wroteHeader tells whether the header's been written to "the
354 // wire" (or rather: w.conn.buf). this is unlike
355 // (*response).wroteHeader, which tells only whether it was
356 // logically written.
357 wroteHeader bool
359 // set by the writeHeader method:
361 }
366 )
371 }
373 // Eat writes.
375 }
380 return
381 }
382 }
386 }
389 }
390 return
391 }
396 }
398 }
403 }
406 // zero chunk to mark EOF
410 }
411 // final blank line after the trailers (whether
412 // present or not)
414 }
415 }
417 // A response represents the server side of an HTTP response.
419 conn *conn
421 reqBody io.ReadCloser
428 // canWriteContinue is a boolean value accessed as an atomic int32
429 // that says whether or not a 100 Continue header can be written
430 // to the connection.
431 // writeContinueMu must be held while writing the header.
432 // These two fields together synchronize the body reader
433 // (the expectContinueReader, which wants to write 100 Continue)
434 // against the main writer.
435 canWriteContinue atomicBool
436 writeContinueMu sync.Mutex
439 cw chunkWriter
441 // handlerHeader is the Header that Handlers get access to,
442 // which may be retained and mutated even after WriteHeader.
443 // handlerHeader is copied into cw.header at WriteHeader
444 // time, and privately mutated thereafter.
445 handlerHeader Header
452 // close connection after this reply. set on request and
453 // updated after response from handler if there's a
454 // "Connection: keep-alive" response header and a
455 // Content-Length.
456 closeAfterReply bool
458 // requestBodyLimitHit is set by requestTooLarge when
459 // maxBytesReader hits its max size. It is checked in
460 // WriteHeader, to make sure we don't consume the
461 // remaining request body to try to advance to the next HTTP
462 // request. Instead, when this is set, we stop reading
463 // subsequent requests on this connection and stop reading
464 // input from it.
465 requestBodyLimitHit bool
467 // trailers are the headers to be sent after the handler
468 // finishes writing the body. This field is initialized from
469 // the Trailer response header when the response header is
470 // written.
473 handlerDone atomicBool // set true when the handler exits
475 // Buffers for Date, Content-Length, and status code
480 // closeNotifyCh is the channel returned by CloseNotify.
481 // TODO(bradfitz): this is currently (for Go 1.8) always
482 // non-nil. Make this lazily-created again as it used to be?
485 }
487 // TrailerPrefix is a magic prefix for ResponseWriter.Header map keys
488 // that, if present, signals that the map entry is actually for
489 // the response trailers, and not the response headers. The prefix
490 // is stripped after the ServeHTTP call finishes and the values are
491 // sent in the trailers.
492 //
493 // This mechanism is intended only for trailers that are not known
494 // prior to the headers being written. If the set of trailers is fixed
495 // or known before the header is written, the normal Go trailers mechanism
496 // is preferred:
497 // https://pkg.go.dev/net/http#ResponseWriter
498 // https://pkg.go.dev/net/http#example-ResponseWriter-Trailers
501 // finalTrailers is called after the Handler exits and returns a non-nil
502 // value if the Handler set any trailers.
504 var t Header
509 }
511 }
512 }
516 }
519 }
520 }
521 return t
522 }
530 // declareTrailer is called for each Trailer header when the
531 // response header is written. It notes that a header will need to be
532 // written in the trailers at the end of the response.
536 // Forbidden by RFC 7230, section 4.1.2
537 return
538 }
540 }
542 // requestTooLarge is called by maxBytesReader when too much input has
543 // been read from the client.
549 }
550 }
552 // needsSniff reports whether a Content-Type still needs to be sniffed.
556 }
558 // writerOnly hides an io.Writer value's optional ReadFrom method
559 // from io.Copy.
561 io.Writer
562 }
564 // ReadFrom is here to optimize copying from an *os.File regular file
565 // to a *net.TCPConn with sendfile, or from a supported src type such
566 // as a *net.TCPConn on Linux with splice.
569 buf := *bufp
572 // Our underlying w.conn.rwc is usually a *TCPConn (with its
573 // own ReadFrom method). If not, just fall back to the normal
574 // copy method.
578 }
580 // Copy the first sniffLen bytes before switching to ReadFrom.
581 // This ensures we don't start writing the response before the
582 // source is available (see golang.org/issue/5660) and provides
583 // enough bytes to perform Content-Type sniffing when required.
586 n += n0
589 }
590 }
595 // Now that cw has been flushed, its chunking field is guaranteed initialized.
598 n += n0
601 }
604 n += n0
606 }
608 // debugServerConnections controls whether all server connections are wrapped
609 // with a verbose logging wrapper.
612 // Create new connection from rwc.
617 }
620 }
621 return c
622 }
625 _ incomparable
626 n int
627 err error
629 }
631 // connReader is the io.Reader wrapper used by *conn. It combines a
632 // selectively-activated io.LimitedReader (to bound request header
633 // read sizes) with support for selectively keeping an io.Reader.Read
634 // call blocked in a background goroutine to wait for activity and
635 // trigger a CloseNotifier channel.
637 conn *conn
640 hasByte bool
643 inRead bool
646 }
652 }
653 }
662 }
664 return
665 }
669 }
676 // We were past the end of the previous request's body already
677 // (since we wouldn't be in a background read otherwise), so
678 // this is a pipelined HTTP request. Prior to Go 1.11 we used to
679 // send on the CloseNotify channel and cancel the context here,
680 // but the behavior was documented as only "may", and we only
681 // did that because that's how CloseNotify accidentally behaved
682 // in very early Go releases prior to context support. Once we
683 // added context support, people used a Handler's
684 // Request.Context() and passed it along. Having that context
685 // cancel on pipelined HTTP requests caused problems.
686 // Fortunately, almost nothing uses HTTP/1.x pipelining.
687 // Unfortunately, apt-get does, or sometimes does.
688 // New Go 1.11 behavior: don't fire CloseNotify or cancel
689 // contexts on pipelined requests. Shouldn't affect people, but
690 // fixes cases like Issue 23921. This does mean that a client
691 // closing their TCP connection after sending a pipelined
692 // request won't cancel the context, but we'll catch that on any
693 // write failure (in checkConnErrorWriter.Write).
694 // If the server never writes, yes, there are still contrived
695 // server & client behaviors where this fails to ever cancel the
696 // context, but that's kinda why HTTP/1.x pipelining died
697 // anyway.
698 }
700 // Ignore this error. It's the expected error from
701 // another goroutine calling abortPendingRead.
704 }
709 }
715 return
716 }
721 }
723 }
729 // handleReadError is called whenever a Read from the client returns a
730 // non-nil error.
731 //
732 // The provided non-nil err is almost always io.EOF or a "use of
733 // closed network connection". In any case, the error is not
734 // particularly interesting, except perhaps for debugging during
735 // development. Any error means the connection is dead and we should
736 // down its context.
737 //
738 // It may be called from multiple goroutines.
742 }
744 // may be called from multiple goroutines.
749 }
750 }
758 }
760 }
764 }
768 }
771 }
777 }
786 }
792 }
795 bufioReaderPool sync.Pool
796 bufioWriter2kPool sync.Pool
797 bufioWriter4kPool sync.Pool
798 )
804 },
805 }
813 }
815 }
821 return br
822 }
823 // Note: if this reader size is ever changed, update
824 // TestHandlerBodyClose's assumptions.
826 }
831 }
839 return bw
840 }
841 }
843 }
849 }
850 }
852 // DefaultMaxHeaderBytes is the maximum permitted size of the headers
853 // in an HTTP request.
854 // This can be overridden by setting Server.MaxHeaderBytes.
860 }
861 return DefaultMaxHeaderBytes
862 }
866 }
868 // tlsHandshakeTimeout returns the time limit permitted for the TLS
869 // handshake, or zero for unlimited.
870 //
871 // It returns the minimum of any positive ReadHeaderTimeout,
872 // ReadTimeout, or WriteTimeout.
879 } {
881 continue
882 }
884 ret = v
885 }
886 }
887 return ret
888 }
890 // wrapper around io.ReadCloser which on first read, sends an
891 // HTTP/1.1 100 Continue header
893 resp *response
894 readCloser io.ReadCloser
895 closed atomicBool
896 sawEOF atomicBool
897 }
902 }
911 }
913 }
917 }
918 return
919 }
924 }
926 // TimeFormat is the time format to use when generating times in HTTP
927 // headers. It is like time.RFC1123 but hard-codes GMT as the time
928 // zone. The time being formatted must be in UTC for Format to
929 // generate the correct format.
930 //
931 // For parsing this time format, see ParseTime.
934 // appendTime is a non-allocating version of []byte(t.UTC().Format(TimeFormat))
954 }
958 // Read next request from connection.
962 }
967 )
971 }
974 }
979 }()
980 }
984 // RFC 7230 section 3 tolerance for old buggy clients.
987 }
992 }
994 }
998 }
1005 if req.ProtoAtLeast(1, 1) && (!haveHost || len(hosts) == 0) && !isH2Upgrade && req.Method != "CONNECT" {
1007 }
1010 }
1014 }
1018 }
1019 }
1020 }
1029 }
1031 // Adjust the read deadline if necessary.
1034 }
1045 // We populate these ahead of time so we're not
1046 // reading from req.Header after their Handler starts
1047 // and maybe mutates it (Issue 14940)
1050 }
1053 }
1057 }
1059 // http1ServerSupportsRequest reports whether Go's HTTP/1.x server
1060 // supports the given request.
1064 }
1065 // Accept "PRI * HTTP/2.0" upgrade requests, so Handlers can
1066 // wire up their own HTTP/2 upgrades.
1070 }
1071 // Reject HTTP/0.x, and all other HTTP/2+ requests (which
1072 // aren't encoded in ASCII anyway).
1074 }
1078 // Accessing the header between logically writing it
1079 // and physically writing it means we need to allocate
1080 // a clone to snapshot the logically written state.
1082 }
1085 }
1087 // maxPostHandlerReadBytes is the max number of Request.Body bytes not
1088 // consumed by a handler that the server will read from the client
1089 // in order to keep a connection alive. If there are more bytes than
1090 // this then the server to be paranoid instead sends a "Connection:
1091 // close" response.
1092 //
1093 // This number is approximately what a typical machine's TCP buffer
1094 // size is anyway. (if we have the bytes on the machine, we might as
1095 // well read them)
1099 // Issue 22880: require valid WriteHeader status codes.
1100 // For now we only enforce that it's three digits.
1101 // In the future we might block things over 599 (600 and above aren't defined
1102 // at https://httpwg.org/specs/rfc7231.html#status.codes)
1103 // and we might block under 200 (once we have more mature 1xx support).
1104 // But for now any three digits.
1105 //
1106 // We used to send "HTTP/1.1 000 0" on the wire in responses but there's
1107 // no equivalent bogus thing we can realistically send in HTTP/2,
1108 // so we'll consistently panic instead and help people find their bugs
1109 // early. (We can't return an error from WriteHeader even if we wanted to.)
1112 }
1113 }
1115 // relevantCaller searches the call stack for the first function outside of net/http.
1116 // The purpose of this function is to provide more helpful error messages.
1125 }
1129 if !strings.HasPrefix(frame.Function, prefix1) && !strings.HasPrefix(frame.Function, prefix2) {
1130 return frame
1131 }
1133 break
1134 }
1135 }
1136 return frame
1137 }
1142 w.conn.server.logf("http: response.WriteHeader on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
1143 return
1144 }
1147 w.conn.server.logf("http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
1148 return
1149 }
1156 }
1165 }
1166 }
1167 }
1169 // extraHeader is the set of headers sometimes added by chunkWriter.writeHeader.
1170 // This type is used to avoid extra allocations from cloning and/or populating
1171 // the response Header map and all its 1-element slices.
1173 contentType string
1174 connection string
1175 transferEncoding string
1178 }
1180 // Sorted the same as extraHeader.Write's loop.
1185 }
1190 )
1192 // Write writes the headers described in h to w.
1193 //
1194 // This method has a value receiver, despite the somewhat large size
1195 // of h, because it prevents an allocation. The escape analysis isn't
1196 // smart enough to realize this function doesn't mutate h.
1202 }
1207 }
1214 }
1215 }
1216 }
1218 // writeHeader finalizes the header sent to the client and writes it
1219 // to cw.res.conn.bufw.
1220 //
1221 // p is not written by writeHeader, but is the first chunk of the body
1222 // that will be written. It is sniffed for a Content-Type if none is
1223 // set explicitly. It's also used to set the Content-Length, if the
1224 // total body size was small and the handler has already finished
1225 // running.
1228 return
1229 }
1236 // header is written out to w.conn.buf below. Depending on the
1237 // state of the handler, we either own the map or not. If we
1238 // don't own it, the exclude map is created lazily for
1239 // WriteSubset to remove headers. The setHeader struct holds
1240 // headers we need to add.
1245 }
1250 return
1251 }
1253 return
1254 }
1257 }
1259 }
1260 var setHeader extraHeader
1262 // Don't write out the fake "Trailer:foo" keys. See TrailerPrefix.
1268 }
1271 }
1272 }
1276 }
1281 // If the handler is done but never sent a Content-Length
1282 // response header and this is our first (and last) write, set
1283 // it, even to zero. This helps HTTP/1.0 clients keep their
1284 // "keep-alive" connections alive.
1285 // Exceptions: 304/204/1xx responses never get Content-Length, and if
1286 // it was a HEAD request, we don't know the difference between
1287 // 0 actual bytes and 0 bytes because the handler noticed it
1288 // was a HEAD request and chose not to write anything. So for
1289 // HEAD, the handler should either write the Content-Length or
1290 // write non-zero bytes. If it's actually 0 bytes and the
1291 // handler never looked at the Request.Method, we just don't
1292 // send a Content-Length header.
1293 // Further, we don't send an automatic Content-Length if they
1294 // set a Transfer-Encoding, because they're generally incompatible.
1295 if w.handlerDone.isSet() && !trailers && !hasTE && bodyAllowedForStatus(w.status) && header.get("Content-Length") == "" && (!isHEAD || len(p) > 0) {
1298 }
1300 // If this was an HTTP/1.0 request with keep-alive and we sent a
1301 // Content-Length back, we can make this a keep-alive response ...
1306 }
1307 }
1309 // Check for an explicit (and valid) Content-Length header.
1316 }
1319 }
1323 }
1325 // If the client wanted a 100-continue but we never sent it to
1326 // them (or, more strictly: we never finished reading their
1327 // request body), don't reuse this connection because it's now
1328 // in an unknown state: we might be sending this response at
1329 // the same time the client is now sending its request body
1330 // after a timeout. (Some HTTP clients send Expect:
1331 // 100-continue but knowing that some servers don't support
1332 // it, the clients set a timer and send the body later anyway)
1333 // If we haven't seen EOF, we can't skip over the unread body
1334 // because we don't know if the next bytes on the wire will be
1335 // the body-following-the-timer or the subsequent request.
1336 // See Issue 11549.
1339 }
1341 // Per RFC 2616, we should consume the request body before
1342 // replying, if the handler hasn't already done so. But we
1343 // don't want to do an unbounded amount of reading here for
1344 // DoS reasons, so we only try up to a threshold.
1345 // TODO(bradfitz): where does RFC 2616 say that? See Issue 15527
1346 // about HTTP/1.x Handlers concurrently reading and writing, like
1347 // HTTP/2 handlers can do. Maybe this code should be relaxed?
1355 }
1361 // Body was closed in handler with non-EOF error.
1363 }
1368 }
1372 }
1378 // There must be even more data left over.
1381 // Body was already consumed and closed.
1383 // The remaining body was just consumed, close it.
1387 }
1389 // Some other kind of error occurred, like a read timeout, or
1390 // corrupt chunked encoding. In any case, whatever remains
1391 // on the wire must not be parsed as another HTTP request.
1393 }
1394 }
1400 }
1401 }
1405 // If no content type, apply sniffing algorithm to body.
1408 // If the Content-Encoding was set and is non-blank,
1409 // we shouldn't sniff the body. See Issue 31753.
1414 }
1418 }
1419 }
1423 }
1426 // TODO: return an error if WriteHeader gets a return parameter
1427 // For now just ignore the Content-Length.
1428 w.conn.server.logf("http: WriteHeader called with both Transfer-Encoding of %q and a Content-Length of %d",
1432 }
1435 // Response has no body.
1438 // Content-Length has been provided, so no chunking is to be done.
1441 // HTTP/1.1 or greater: Transfer-Encoding has been set to identity, and no
1442 // content-length has been provided. The connection must be closed after the
1443 // reply is written, and no chunking is to be done. This is the setup
1444 // recommended in the Server-Sent Events candidate recommendation 11,
1445 // section 8.
1451 // HTTP/1.1 or greater: use chunked transfer encoding
1452 // to avoid closing the connection at EOF.
1456 // We will send the chunked Transfer-Encoding header later.
1458 }
1459 }
1461 // HTTP version < 1.1: cannot do chunked transfer
1462 // encoding and we don't know the Content-Length so
1463 // signal EOF by closing connection.
1466 }
1468 // Cannot use Content-Length with non-identity Transfer-Encoding.
1471 }
1473 return
1474 }
1476 // Only override the Connection header if it is not a successful
1477 // protocol switch response and if KeepAlives are not enabled.
1478 // See https://golang.org/issue/36381.
1486 }
1487 }
1493 }
1495 // foreachHeaderElement splits v according to the "#rule" construction
1496 // in RFC 7230 section 7 and calls fn for each non-empty element.
1500 return
1501 }
1504 return
1505 }
1509 }
1510 }
1511 }
1513 // writeStatusLine writes an HTTP/1.x Status-Line (RFC 7230 Section 3.1.2)
1514 // to bw. is11 is whether the HTTP request is HTTP/1.1. false means HTTP/1.0.
1515 // code is the response status code.
1516 // scratch is an optional scratch buffer. If it has at least capacity 3, it's used.
1522 }
1529 // don't worry about performance
1531 }
1532 }
1534 // bodyAllowed reports whether a Write is allowed for this response type.
1535 // It's illegal to call this before the header has been flushed.
1539 }
1541 }
1543 // The Life Of A Write is like this:
1544 //
1545 // Handler starts. No header has been sent. The handler can either
1546 // write a header, or just start writing. Writing before sending a header
1547 // sends an implicitly empty 200 OK header.
1548 //
1549 // If the handler didn't declare a Content-Length up front, we either
1550 // go into chunking mode or, if the handler finishes running before
1551 // the chunking buffer size, we compute a Content-Length and send that
1552 // in the header instead.
1553 //
1554 // Likewise, if the handler didn't set a Content-Type, we sniff that
1555 // from the initial chunk of output.
1556 //
1557 // The Writers are wired together like:
1558 //
1559 // 1. *response (the ResponseWriter) ->
1560 // 2. (*response).w, a *bufio.Writer of bufferBeforeChunkingSize bytes ->
1561 // 3. chunkWriter.Writer (whose writeHeader finalizes Content-Length/Type)
1562 // and which writes the chunk headers, if needed ->
1563 // 4. conn.bufw, a *bufio.Writer of default (4kB) bytes, writing to ->
1564 // 5. checkConnErrorWriter{c}, which notes any non-nil error on Write
1565 // and populates c.werr with it if so, but otherwise writes to ->
1566 // 6. the rwc, the net.Conn.
1567 //
1568 // TODO(bradfitz): short-circuit some of the buffering when the
1569 // initial header contains both a Content-Type and Content-Length.
1570 // Also short-circuit in (1) when the header's been sent and not in
1571 // chunking mode, writing directly to (4) instead, if (2) has no
1572 // buffered data. More generally, we could short-circuit from (1) to
1573 // (3) even in chunking mode if the write size from (1) is over some
1574 // threshold and nothing is in (2). The answer might be mostly making
1575 // bufferBeforeChunkingSize smaller and having bufio's fast-paths deal
1576 // with this instead.
1579 }
1583 }
1585 // either dataB or dataS is non-zero.
1590 w.conn.server.logf("http: response.Write on hijacked connection from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
1591 }
1593 }
1596 // Body reader wants to write 100 Continue but hasn't yet.
1597 // Tell it not to. The store must be done while holding the lock
1598 // because the lock makes sure that there is not an active write
1599 // this very moment.
1603 }
1607 }
1610 }
1613 }
1618 }
1623 }
1624 }
1631 }
1640 // Close the body (regardless of w.closeAfterReply) so we can
1641 // re-use its bufio.Reader later safely.
1646 }
1647 }
1649 // shouldReuseConnection reports whether the underlying TCP connection can be reused.
1650 // It must only be called after the handler is done executing.
1653 // The request or something set while executing the
1654 // handler indicated we shouldn't reuse this
1655 // connection.
1657 }
1659 if w.req.Method != "HEAD" && w.contentLength != -1 && w.bodyAllowed() && w.contentLength != w.written {
1660 // Did not write enough. Avoid getting out of sync.
1662 }
1664 // There was some error writing to the underlying connection
1665 // during the request, so don't re-use this conn.
1668 }
1672 }
1675 }
1680 }
1685 }
1688 }
1692 // Steal the bufio.Reader (~4KB worth of memory) and its associated
1693 // reader for a future connection.
1696 }
1700 // Steal the bufio.Writer (~4KB worth of memory) and its associated
1701 // writer for a future connection.
1704 }
1705 }
1707 // Close the connection.
1711 }
1713 // rstAvoidanceDelay is the amount of time we sleep after closing the
1714 // write side of a TCP connection before closing the entire socket.
1715 // By sleeping, we increase the chances that the client sees our FIN
1716 // and processes its final data before they process the subsequent RST
1717 // from closing a connection with known unread data.
1718 // This RST seems to occur mostly on BSD systems. (And Windows?)
1719 // This timeout is somewhat arbitrary (~latency around the planet).
1724 }
1728 // closeWrite flushes any outstanding data and sends a FIN packet (if
1729 // client is connected via TCP), signalling that we're done. We then
1730 // pause for a bit, hoping the client processes it before any
1731 // subsequent RST.
1732 //
1733 // See https://golang.org/issue/3595
1738 }
1740 }
1742 // validNextProto reports whether the proto is a valid ALPN protocol name.
1743 // Everything is valid except the empty string and built-in protocol types,
1744 // so that those can't be overridden with alternate implementations.
1749 }
1751 }
1756 )
1765 }
1768 }
1772 return
1773 }
1776 }
1777 }
1782 }
1784 // badRequestError is a literal string (used by in the server in HTML,
1785 // unescaped) to tell the user why their request was bad. It should
1786 // be plain text without user info or other embedded errors.
1789 // statusError is an error used to respond to a request with an HTTP status.
1790 // The text should be plain text without user info or other embedded errors.
1792 code int
1793 text string
1794 }
1798 // ErrAbortHandler is a sentinel panic value to abort a handler.
1799 // While any panic from ServeHTTP aborts the response to the client,
1800 // panicking with ErrAbortHandler also suppresses logging of a stack
1801 // trace to the server's error log.
1804 // isCommonNetReadError reports whether err is a common error
1805 // encountered during reading a request off the network when the
1806 // client has gone away or had its read fail somehow. This is used to
1807 // determine which logs are interesting enough to log about.
1811 }
1814 }
1817 }
1819 }
1821 // Serve a new connection.
1832 }
1835 }
1840 }
1843 }
1844 }()
1852 }
1854 // If the handshake failed due to the client not speaking
1855 // TLS, assume they're speaking plaintext HTTP and write a
1856 // 400 response on the TLS conn's underlying net.Conn.
1857 if re, ok := err.(tls.RecordHeaderError); ok && re.Conn != nil && tlsRecordHeaderLooksLikeHTTP(re.RecordHeader) {
1858 io.WriteString(re.Conn, "HTTP/1.0 400 Bad Request\r\n\r\nClient sent an HTTP request to an HTTPS server.\n")
1860 return
1861 }
1863 return
1864 }
1865 // Restore Conn-level deadlines.
1869 }
1875 // Mark freshly created HTTP/2 as active and prevent any server state hooks
1876 // from being run on these connections. This prevents closeIdleConns from
1877 // closing such connections. See issue https://golang.org/issue/39776.
1880 }
1881 return
1882 }
1883 }
1885 // HTTP/1.x from here on.
1898 // If we read any bytes off the wire, we're active.
1900 }
1902 const errorHeaders = "\r\nContent-Type: text/plain; charset=utf-8\r\nConnection: close\r\n\r\n"
1906 // Their HTTP client may or may not be
1907 // able to read this if we're
1908 // responding to them and hanging up
1909 // while they're still writing their
1910 // request. Undefined behavior.
1914 return
1917 // Respond as per RFC 7230 Section 3.3.1 which says,
1918 // A server that receives a request message with a
1919 // transfer coding it does not understand SHOULD
1920 // respond with 501 (Unimplemented).
1921 code := StatusNotImplemented
1923 // We purposefully aren't echoing back the transfer-encoding's value,
1924 // so as to mitigate the risk of cross side scripting by an attacker.
1925 fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s%sUnsupported transfer encoding", code, StatusText(code), errorHeaders)
1926 return
1933 fmt.Fprintf(c.rwc, "HTTP/1.1 %d %s: %s%s%d %s: %s", v.code, StatusText(v.code), v.text, errorHeaders, v.code, StatusText(v.code), v.text)
1934 return
1935 }
1938 return
1939 }
1940 }
1942 // Expect 100 Continue support
1946 // Wrap the Body reader with one that replies on the connection
1949 }
1952 return
1953 }
1961 }
1963 // HTTP cannot have multiple simultaneous active requests.[*]
1964 // Until the server replies to this request, it can't read another,
1965 // so we might as well run the handler in this goroutine.
1966 // [*] Not strictly true: HTTP pipelining. We could let them all process
1967 // in parallel even if their responses need to be serialized.
1968 // But we're not going to implement HTTP pipelining because it
1969 // was never deployed in the wild and the answer is HTTP/2.
1970 inFlightResponse = w
1975 return
1976 }
1981 }
1982 return
1983 }
1988 // We're in shutdown mode. We might've replied
1989 // to the user without "Connection: close" and
1990 // they might think they can send another
1991 // request, but such is life with HTTP/1.1.
1992 return
1993 }
1998 return
1999 }
2000 }
2002 }
2003 }
2006 // TODO(bradfitz): let ServeHTTP handlers handle
2007 // requests with non-standard expectation[s]? Seems
2008 // theoretical at best, and doesn't fit into the
2009 // current ServeHTTP model anyway. We'd need to
2010 // make the ResponseWriter an optional
2011 // "ExpectReplier" interface or something.
2012 //
2013 // For now we'll just obey RFC 7231 5.1.1 which says
2014 // "A server that receives an Expect field-value other
2015 // than 100-continue MAY respond with a 417 (Expectation
2016 // Failed) status code to indicate that the unexpected
2017 // expectation cannot be met."
2021 }
2023 // Hijack implements the Hijacker.Hijack method. Our response is both a ResponseWriter
2024 // and a Hijacker.
2028 }
2031 }
2037 // Release the bufioWriter that writes to the chunk writer, it is not
2038 // used after a connection has been hijacked.
2043 }
2045 }
2050 }
2052 }
2062 }
2063 }
2065 // requestBodyRemains reports whether future calls to Read
2066 // on rc might yield more data.
2070 }
2078 }
2079 }
2081 // The HandlerFunc type is an adapter to allow the use of
2082 // ordinary functions as HTTP handlers. If f is a function
2083 // with the appropriate signature, HandlerFunc(f) is a
2084 // Handler that calls f.
2087 // ServeHTTP calls f(w, r).
2090 }
2092 // Helper handlers
2094 // Error replies to the request with the specified error message and HTTP code.
2095 // It does not otherwise end the request; the caller should ensure no further
2096 // writes are done to w.
2097 // The error message should be plain text.
2103 }
2105 // NotFound replies to the request with an HTTP 404 not found error.
2108 // NotFoundHandler returns a simple request handler
2109 // that replies to each request with a ``404 page not found'' reply.
2112 // StripPrefix returns a handler that serves HTTP requests by removing the
2113 // given prefix from the request URL's Path (and RawPath if set) and invoking
2114 // the handler h. StripPrefix handles a request for a path that doesn't begin
2115 // with prefix by replying with an HTTP 404 not found error. The prefix must
2116 // match exactly: if the prefix in the request contains escaped characters
2117 // the reply is also an HTTP 404 not found error.
2120 return h
2121 }
2135 }
2136 })
2137 }
2139 // Redirect replies to the request with a redirect to url,
2140 // which may be a path relative to the request path.
2141 //
2142 // The provided code should be in the 3xx range and is usually
2143 // StatusMovedPermanently, StatusFound or StatusSeeOther.
2144 //
2145 // If the Content-Type header has not been set, Redirect sets it
2146 // to "text/html; charset=utf-8" and writes a small HTML body.
2147 // Setting the Content-Type header to any value, including nil,
2148 // disables that behavior.
2151 // If url was relative, make its path absolute by
2152 // combining with request path.
2153 // The client would probably do this for us,
2154 // but doing it ourselves is more reliable.
2155 // See RFC 7231, section 7.1.2
2160 }
2162 // no leading http://server
2164 // make relative path absolute
2167 }
2172 }
2174 // clean up but preserve trailing slash
2179 }
2180 url += query
2181 }
2182 }
2186 // RFC 7231 notes that a short HTML body is usually included in
2187 // the response because older user agents may not understand 301/307.
2188 // Do it only if the request didn't already have a Content-Type header.
2194 }
2197 // Shouldn't send the body for POST or HEAD; that leaves GET.
2201 }
2202 }
2208 // """ is shorter than """.
2210 // "'" is shorter than "'" and apos was not in HTML until HTML5.
2212 )
2216 }
2218 // Redirect to a fixed URL
2220 url string
2221 code int
2222 }
2226 }
2228 // RedirectHandler returns a request handler that redirects
2229 // each request it receives to the given url using the given
2230 // status code.
2231 //
2232 // The provided code should be in the 3xx range and is usually
2233 // StatusMovedPermanently, StatusFound or StatusSeeOther.
2236 }
2238 // ServeMux is an HTTP request multiplexer.
2239 // It matches the URL of each incoming request against a list of registered
2240 // patterns and calls the handler for the pattern that
2241 // most closely matches the URL.
2242 //
2243 // Patterns name fixed, rooted paths, like "/favicon.ico",
2244 // or rooted subtrees, like "/images/" (note the trailing slash).
2245 // Longer patterns take precedence over shorter ones, so that
2246 // if there are handlers registered for both "/images/"
2247 // and "/images/thumbnails/", the latter handler will be
2248 // called for paths beginning "/images/thumbnails/" and the
2249 // former will receive requests for any other paths in the
2250 // "/images/" subtree.
2251 //
2252 // Note that since a pattern ending in a slash names a rooted subtree,
2253 // the pattern "/" matches all paths not matched by other registered
2254 // patterns, not just the URL with Path == "/".
2255 //
2256 // If a subtree has been registered and a request is received naming the
2257 // subtree root without its trailing slash, ServeMux redirects that
2258 // request to the subtree root (adding the trailing slash). This behavior can
2259 // be overridden with a separate registration for the path without
2260 // the trailing slash. For example, registering "/images/" causes ServeMux
2261 // to redirect a request for "/images" to "/images/", unless "/images" has
2262 // been registered separately.
2263 //
2264 // Patterns may optionally begin with a host name, restricting matches to
2265 // URLs on that host only. Host-specific patterns take precedence over
2266 // general patterns, so that a handler might register for the two patterns
2267 // "/codesearch" and "codesearch.google.com/" without also taking over
2268 // requests for "http://www.google.com/".
2269 //
2270 // ServeMux also takes care of sanitizing the URL request path and the Host
2271 // header, stripping the port number and redirecting any request containing . or
2272 // .. elements or repeated slashes to an equivalent, cleaner URL.
2274 mu sync.RWMutex
2278 }
2281 h Handler
2282 pattern string
2283 }
2285 // NewServeMux allocates and returns a new ServeMux.
2288 // DefaultServeMux is the default ServeMux used by Serve.
2291 var defaultServeMux ServeMux
2293 // cleanPath returns the canonical path for p, eliminating . and .. elements.
2297 }
2300 }
2302 // path.Clean removes trailing slash except for root;
2303 // put the trailing slash back if necessary.
2305 // Fast path for common case of p being the string we want:
2307 np = p
2310 }
2311 }
2312 return np
2313 }
2315 // stripHostPort returns h without any trailing ":<port>".
2317 // If no port on host, return unchanged
2319 return h
2320 }
2324 }
2325 return host
2326 }
2328 // Find a handler on a handler map given a path string.
2329 // Most-specific (longest) pattern wins.
2331 // Check for exact match first.
2335 }
2337 // Check for longest valid match. mux.es contains all patterns
2338 // that end in / sorted from longest to shortest.
2342 }
2343 }
2345 }
2347 // redirectToPathSlash determines if the given path needs appending "/" to it.
2348 // This occurs when a handler for path + "/" was already registered, but
2349 // not for path itself. If the path needs appending to, it creates a new
2350 // URL, setting the path to u.Path + "/" and returning true to indicate so.
2357 }
2361 }
2363 // shouldRedirectRLocked reports whether the given path and host should be redirected to
2364 // path+"/". This should happen if a handler is registered for path+"/" but
2365 // not path -- see comments at ServeMux.
2372 }
2373 }
2378 }
2382 }
2383 }
2386 }
2388 // Handler returns the handler to use for the given request,
2389 // consulting r.Method, r.Host, and r.URL.Path. It always returns
2390 // a non-nil handler. If the path is not in its canonical form, the
2391 // handler will be an internally-generated handler that redirects
2392 // to the canonical path. If the host contains a port, it is ignored
2393 // when matching handlers.
2394 //
2395 // The path and host are used unchanged for CONNECT requests.
2396 //
2397 // Handler also returns the registered pattern that matches the
2398 // request or, in the case of internally-generated redirects,
2399 // the pattern that will match after following the redirect.
2400 //
2401 // If there is no registered handler that applies to the request,
2402 // Handler returns a ``page not found'' handler and an empty pattern.
2405 // CONNECT requests are not canonicalized.
2407 // If r.URL.Path is /tree and its handler is not registered,
2408 // the /tree -> /tree/ redirect applies to CONNECT requests
2409 // but the path canonicalization does not.
2412 }
2415 }
2417 // All other requests have any port stripped and path cleaned
2418 // before passing to mux.handler.
2422 // If the given path is /tree and its handler is not registered,
2423 // redirect for /tree/.
2426 }
2432 }
2435 }
2437 // handler is the main implementation of Handler.
2438 // The path is known to be in canonical form, except for CONNECT methods.
2443 // Host-specific pattern takes precedence over generic ones
2446 }
2449 }
2452 }
2453 return
2454 }
2456 // ServeHTTP dispatches the request to the handler whose
2457 // pattern most closely matches the request URL.
2462 }
2464 return
2465 }
2468 }
2470 // Handle registers the handler for the given pattern.
2471 // If a handler already exists for pattern, Handle panics.
2478 }
2481 }
2484 }
2488 }
2493 }
2497 }
2498 }
2504 })
2507 }
2508 // we now know that i points at where we want to insert
2512 return es
2513 }
2515 // HandleFunc registers the handler function for the given pattern.
2519 }
2521 }
2523 // Handle registers the handler for the given pattern
2524 // in the DefaultServeMux.
2525 // The documentation for ServeMux explains how patterns are matched.
2528 // HandleFunc registers the handler function for the given pattern
2529 // in the DefaultServeMux.
2530 // The documentation for ServeMux explains how patterns are matched.
2533 }
2535 // Serve accepts incoming HTTP connections on the listener l,
2536 // creating a new service goroutine for each. The service goroutines
2537 // read requests and then call handler to reply to them.
2538 //
2539 // The handler is typically nil, in which case the DefaultServeMux is used.
2540 //
2541 // HTTP/2 support is only enabled if the Listener returns *tls.Conn
2542 // connections and they were configured with "h2" in the TLS
2543 // Config.NextProtos.
2544 //
2545 // Serve always returns a non-nil error.
2549 }
2551 // ServeTLS accepts incoming HTTPS connections on the listener l,
2552 // creating a new service goroutine for each. The service goroutines
2553 // read requests and then call handler to reply to them.
2554 //
2555 // The handler is typically nil, in which case the DefaultServeMux is used.
2556 //
2557 // Additionally, files containing a certificate and matching private key
2558 // for the server must be provided. If the certificate is signed by a
2559 // certificate authority, the certFile should be the concatenation
2560 // of the server's certificate, any intermediates, and the CA's certificate.
2561 //
2562 // ServeTLS always returns a non-nil error.
2566 }
2568 // A Server defines parameters for running an HTTP server.
2569 // The zero value for Server is a valid configuration.
2571 // Addr optionally specifies the TCP address for the server to listen on,
2572 // in the form "host:port". If empty, ":http" (port 80) is used.
2573 // The service names are defined in RFC 6335 and assigned by IANA.
2574 // See net.Dial for details of the address format.
2575 Addr string
2577 Handler Handler // handler to invoke, http.DefaultServeMux if nil
2579 // TLSConfig optionally provides a TLS configuration for use
2580 // by ServeTLS and ListenAndServeTLS. Note that this value is
2581 // cloned by ServeTLS and ListenAndServeTLS, so it's not
2582 // possible to modify the configuration with methods like
2583 // tls.Config.SetSessionTicketKeys. To use
2584 // SetSessionTicketKeys, use Server.Serve with a TLS Listener
2585 // instead.
2588 // ReadTimeout is the maximum duration for reading the entire
2589 // request, including the body. A zero or negative value means
2590 // there will be no timeout.
2591 //
2592 // Because ReadTimeout does not let Handlers make per-request
2593 // decisions on each request body's acceptable deadline or
2594 // upload rate, most users will prefer to use
2595 // ReadHeaderTimeout. It is valid to use them both.
2596 ReadTimeout time.Duration
2598 // ReadHeaderTimeout is the amount of time allowed to read
2599 // request headers. The connection's read deadline is reset
2600 // after reading the headers and the Handler can decide what
2601 // is considered too slow for the body. If ReadHeaderTimeout
2602 // is zero, the value of ReadTimeout is used. If both are
2603 // zero, there is no timeout.
2604 ReadHeaderTimeout time.Duration
2606 // WriteTimeout is the maximum duration before timing out
2607 // writes of the response. It is reset whenever a new
2608 // request's header is read. Like ReadTimeout, it does not
2609 // let Handlers make decisions on a per-request basis.
2610 // A zero or negative value means there will be no timeout.
2611 WriteTimeout time.Duration
2613 // IdleTimeout is the maximum amount of time to wait for the
2614 // next request when keep-alives are enabled. If IdleTimeout
2615 // is zero, the value of ReadTimeout is used. If both are
2616 // zero, there is no timeout.
2617 IdleTimeout time.Duration
2619 // MaxHeaderBytes controls the maximum number of bytes the
2620 // server will read parsing the request header's keys and
2621 // values, including the request line. It does not limit the
2622 // size of the request body.
2623 // If zero, DefaultMaxHeaderBytes is used.
2624 MaxHeaderBytes int
2626 // TLSNextProto optionally specifies a function to take over
2627 // ownership of the provided TLS connection when an ALPN
2628 // protocol upgrade has occurred. The map key is the protocol
2629 // name negotiated. The Handler argument should be used to
2630 // handle HTTP requests and will initialize the Request's TLS
2631 // and RemoteAddr if not already set. The connection is
2632 // automatically closed when the function returns.
2633 // If TLSNextProto is not nil, HTTP/2 support is not enabled
2634 // automatically.
2637 // ConnState specifies an optional callback function that is
2638 // called when a client connection changes state. See the
2639 // ConnState type and associated constants for details.
2642 // ErrorLog specifies an optional logger for errors accepting
2643 // connections, unexpected behavior from handlers, and
2644 // underlying FileSystem errors.
2645 // If nil, logging is done via the log package's standard logger.
2648 // BaseContext optionally specifies a function that returns
2649 // the base context for incoming requests on this server.
2650 // The provided Listener is the specific Listener that's
2651 // about to start accepting requests.
2652 // If BaseContext is nil, the default is context.Background().
2653 // If non-nil, it must return a non-nil context.
2656 // ConnContext optionally specifies a function that modifies
2657 // the context used for a new connection c. The provided ctx
2658 // is derived from the base context and has a ServerContextKey
2659 // value.
2662 inShutdown atomicBool // true when server is in shutdown
2666 nextProtoErr error // result of http2.ConfigureServer if used
2668 mu sync.Mutex
2673 }
2679 }
2684 }
2686 }
2692 // Already closed. Don't close again.
2694 // Safe to close here. We're the only closer, guarded
2695 // by s.mu.
2697 }
2698 }
2700 // Close immediately closes all active net.Listeners and any
2701 // connections in state StateNew, StateActive, or StateIdle. For a
2702 // graceful shutdown, use Shutdown.
2703 //
2704 // Close does not attempt to close (and does not even know about)
2705 // any hijacked connections, such as WebSockets.
2706 //
2707 // Close returns any error returned from closing the Server's
2708 // underlying Listener(s).
2718 }
2719 return err
2720 }
2722 // shutdownPollIntervalMax is the max polling interval when checking
2723 // quiescence during Server.Shutdown. Polling starts with a small
2724 // interval and backs off to the max.
2725 // Ideally we could find a solution that doesn't involve polling,
2726 // but which also doesn't have a high runtime cost (and doesn't
2727 // involve any contentious mutexes), but that is left as an
2728 // exercise for the reader.
2731 // Shutdown gracefully shuts down the server without interrupting any
2732 // active connections. Shutdown works by first closing all open
2733 // listeners, then closing all idle connections, and then waiting
2734 // indefinitely for connections to return to idle and then shut down.
2735 // If the provided context expires before the shutdown is complete,
2736 // Shutdown returns the context's error, otherwise it returns any
2737 // error returned from closing the Server's underlying Listener(s).
2738 //
2739 // When Shutdown is called, Serve, ListenAndServe, and
2740 // ListenAndServeTLS immediately return ErrServerClosed. Make sure the
2741 // program doesn't exit and waits instead for Shutdown to return.
2742 //
2743 // Shutdown does not attempt to close nor wait for hijacked
2744 // connections such as WebSockets. The caller of Shutdown should
2745 // separately notify such long-lived connections of shutdown and wait
2746 // for them to close, if desired. See RegisterOnShutdown for a way to
2747 // register shutdown notification functions.
2748 //
2749 // Once Shutdown has been called on a server, it may not be reused;
2750 // future calls to methods such as Serve will return ErrServerClosed.
2759 }
2764 // Add 10% jitter.
2766 // Double and clamp for next time.
2769 pollIntervalBase = shutdownPollIntervalMax
2770 }
2771 return interval
2772 }
2778 return lnerr
2779 }
2785 }
2786 }
2787 }
2789 // RegisterOnShutdown registers a function to call on Shutdown.
2790 // This can be used to gracefully shutdown connections that have
2791 // undergone ALPN protocol upgrade or that have been hijacked.
2792 // This function should start protocol-specific graceful shutdown,
2793 // but should not wait for shutdown to complete.
2798 }
2804 }
2806 // closeIdleConns closes all idle connections and reports whether the
2807 // server is quiescent.
2814 // Issue 22682: treat StateNew connections as if
2815 // they're idle if we haven't read the first request's
2816 // header in over 5 seconds.
2818 st = StateIdle
2819 }
2821 // Assume unixSec == 0 means it's a very new
2822 // connection, without state set yet.
2824 continue
2825 }
2828 }
2829 return quiescent
2830 }
2833 var err error
2836 err = cerr
2837 }
2838 }
2839 return err
2840 }
2842 // A ConnState represents the state of a client connection to a server.
2843 // It's used by the optional Server.ConnState hook.
2847 // StateNew represents a new connection that is expected to
2848 // send a request immediately. Connections begin at this
2849 // state and then transition to either StateActive or
2850 // StateClosed.
2853 // StateActive represents a connection that has read 1 or more
2854 // bytes of a request. The Server.ConnState hook for
2855 // StateActive fires before the request has entered a handler
2856 // and doesn't fire again until the request has been
2857 // handled. After the request is handled, the state
2858 // transitions to StateClosed, StateHijacked, or StateIdle.
2859 // For HTTP/2, StateActive fires on the transition from zero
2860 // to one active request, and only transitions away once all
2861 // active requests are complete. That means that ConnState
2862 // cannot be used to do per-request work; ConnState only notes
2863 // the overall state of the connection.
2864 StateActive
2866 // StateIdle represents a connection that has finished
2867 // handling a request and is in the keep-alive state, waiting
2868 // for a new request. Connections transition from StateIdle
2869 // to either StateActive or StateClosed.
2870 StateIdle
2872 // StateHijacked represents a hijacked connection.
2873 // This is a terminal state. It does not transition to StateClosed.
2874 StateHijacked
2876 // StateClosed represents a closed connection.
2877 // This is a terminal state. Hijacked connections do not
2878 // transition to StateClosed.
2879 StateClosed
2880 )
2888 }
2892 }
2894 // serverHandler delegates to either the server's Handler or
2895 // DefaultServeMux and also handles "OPTIONS *" requests.
2897 srv *Server
2898 }
2903 handler = DefaultServeMux
2904 }
2907 }
2913 }))
2916 sh.srv.logf("http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192")
2917 }
2918 }()
2919 }
2922 }
2926 // AllowQuerySemicolons returns a handler that serves requests by converting any
2927 // unescaped semicolons in the URL query to ampersands, and invoking the handler h.
2928 //
2929 // This restores the pre-Go 1.17 behavior of splitting query parameters on both
2930 // semicolons and ampersands. (See golang.org/issue/25192). Note that this
2931 // behavior doesn't match that of many proxies, and the mismatch can lead to
2932 // security issues.
2933 //
2934 // AllowQuerySemicolons should be invoked before Request.ParseForm is called.
2939 }
2949 }
2950 })
2951 }
2953 // ListenAndServe listens on the TCP network address srv.Addr and then
2954 // calls Serve to handle requests on incoming connections.
2955 // Accepted connections are configured to enable TCP keep-alives.
2956 //
2957 // If srv.Addr is blank, ":http" is used.
2958 //
2959 // ListenAndServe always returns a non-nil error. After Shutdown or Close,
2960 // the returned error is ErrServerClosed.
2963 return ErrServerClosed
2964 }
2968 }
2971 return err
2972 }
2974 }
2978 // shouldDoServeHTTP2 reports whether Server.Serve should configure
2979 // automatic HTTP/2. (which sets up the srv.TLSNextProto map)
2982 // Compatibility with Go 1.6:
2983 // If there's no TLSConfig, it's possible that the user just
2984 // didn't set it on the http.Server, but did pass it to
2985 // tls.NewListener and passed that listener to Serve.
2986 // So we should configure HTTP/2 (to set up srv.TLSNextProto)
2987 // in case the listener returns an "h2" *tls.Conn.
2989 }
2990 // The user specified a TLSConfig on their http.Server.
2991 // In this, case, only configure HTTP/2 if their tls.Config
2992 // explicitly mentions "h2". Otherwise http2.ConfigureServer
2993 // would modify the tls.Config to add it, but they probably already
2994 // passed this tls.Config to tls.NewListener. And if they did,
2995 // it's too late anyway to fix it. It would only be potentially racy.
2996 // See Issue 15908.
2998 }
3000 // ErrServerClosed is returned by the Server's Serve, ServeTLS, ListenAndServe,
3001 // and ListenAndServeTLS methods after a call to Shutdown or Close.
3004 // Serve accepts incoming connections on the Listener l, creating a
3005 // new service goroutine for each. The service goroutines read requests and
3006 // then call srv.Handler to reply to them.
3007 //
3008 // HTTP/2 support is only enabled if the Listener returns *tls.Conn
3009 // connections and they were configured with "h2" in the TLS
3010 // Config.NextProtos.
3011 //
3012 // Serve always returns a non-nil error and closes l.
3013 // After Shutdown or Close, the returned error is ErrServerClosed.
3017 }
3019 origListener := l
3024 return err
3025 }
3028 return ErrServerClosed
3029 }
3037 }
3038 }
3048 return ErrServerClosed
3050 }
3056 }
3058 tempDelay = max
3059 }
3062 continue
3063 }
3064 return err
3065 }
3066 connCtx := ctx
3071 }
3072 }
3077 }
3078 }
3080 // ServeTLS accepts incoming connections on the Listener l, creating a
3081 // new service goroutine for each. The service goroutines perform TLS
3082 // setup and then read requests, calling srv.Handler to reply to them.
3083 //
3084 // Files containing a certificate and matching private key for the
3085 // server must be provided if neither the Server's
3086 // TLSConfig.Certificates nor TLSConfig.GetCertificate are populated.
3087 // If the certificate is signed by a certificate authority, the
3088 // certFile should be the concatenation of the server's certificate,
3089 // any intermediates, and the CA's certificate.
3090 //
3091 // ServeTLS always returns a non-nil error. After Shutdown or Close, the
3092 // returned error is ErrServerClosed.
3094 // Setup HTTP/2 before srv.Serve, to initialize srv.TLSConfig
3095 // before we clone it and create the TLS Listener.
3097 return err
3098 }
3103 }
3107 var err error
3111 return err
3112 }
3113 }
3117 }
3119 // trackListener adds or removes a net.Listener to the set of tracked
3120 // listeners.
3121 //
3122 // We store a pointer to interface in the map set, in case the
3123 // net.Listener is not comparable. This is safe because we only call
3124 // trackListener via Serve and can track+defer untrack the same
3125 // pointer to local variable there. We never need to compare a
3126 // Listener from another caller.
3127 //
3128 // It reports whether the server is still up (not Shutdown or Closed).
3134 }
3138 }
3142 }
3144 }
3151 }
3156 }
3157 }
3162 }
3164 }
3169 }
3171 }
3175 }
3179 }
3181 // SetKeepAlivesEnabled controls whether HTTP keep-alives are enabled.
3182 // By default, keep-alives are always enabled. Only very
3183 // resource-constrained environments or servers in the process of
3184 // shutting down should disable them.
3188 return
3189 }
3192 // Close idle HTTP/1 conns:
3195 // TODO: Issue 26303: close HTTP/2 conns as soon as they become idle.
3196 }
3203 }
3204 }
3206 // logf prints to the ErrorLog of the *Server associated with request r
3207 // via ServerContextKey. If there's no associated server, or if ErrorLog
3208 // is nil, logging is done via the log package's standard logger.
3215 }
3216 }
3218 // ListenAndServe listens on the TCP network address addr and then calls
3219 // Serve with handler to handle requests on incoming connections.
3220 // Accepted connections are configured to enable TCP keep-alives.
3221 //
3222 // The handler is typically nil, in which case the DefaultServeMux is used.
3223 //
3224 // ListenAndServe always returns a non-nil error.
3228 }
3230 // ListenAndServeTLS acts identically to ListenAndServe, except that it
3231 // expects HTTPS connections. Additionally, files containing a certificate and
3232 // matching private key for the server must be provided. If the certificate
3233 // is signed by a certificate authority, the certFile should be the concatenation
3234 // of the server's certificate, any intermediates, and the CA's certificate.
3238 }
3240 // ListenAndServeTLS listens on the TCP network address srv.Addr and
3241 // then calls ServeTLS to handle requests on incoming TLS connections.
3242 // Accepted connections are configured to enable TCP keep-alives.
3243 //
3244 // Filenames containing a certificate and matching private key for the
3245 // server must be provided if neither the Server's TLSConfig.Certificates
3246 // nor TLSConfig.GetCertificate are populated. If the certificate is
3247 // signed by a certificate authority, the certFile should be the
3248 // concatenation of the server's certificate, any intermediates, and
3249 // the CA's certificate.
3250 //
3251 // If srv.Addr is blank, ":https" is used.
3252 //
3253 // ListenAndServeTLS always returns a non-nil error. After Shutdown or
3254 // Close, the returned error is ErrServerClosed.
3257 return ErrServerClosed
3258 }
3262 }
3266 return err
3267 }
3272 }
3274 // setupHTTP2_ServeTLS conditionally configures HTTP/2 on
3275 // srv and reports whether there was an error setting it up. If it is
3276 // not configured for policy reasons, nil is returned.
3280 }
3282 // setupHTTP2_Serve is called from (*Server).Serve and conditionally
3283 // configures HTTP/2 on srv using a more conservative policy than
3284 // setupHTTP2_ServeTLS because Serve is called after tls.Listen,
3285 // and may be called concurrently. See shouldConfigureHTTP2ForServe.
3286 //
3287 // The tests named TestTransportAutomaticHTTP2* and
3288 // TestConcurrentServerServe in server_test.go demonstrate some
3289 // of the supported use cases and motivations.
3293 }
3298 }
3299 }
3301 // onceSetNextProtoDefaults configures HTTP/2, if the user hasn't
3302 // configured otherwise. (by setting srv.TLSNextProto non-nil)
3303 // It must only be called via srv.nextProtoOnce (use srv.setupHTTP2_*).
3306 return
3307 }
3308 // Enable HTTP/2 by default if the user hasn't otherwise
3309 // configured their TLSNextProto map.
3313 }
3315 }
3316 }
3318 // TimeoutHandler returns a Handler that runs h with the given time limit.
3319 //
3320 // The new Handler calls h.ServeHTTP to handle each request, but if a
3321 // call runs for longer than its time limit, the handler responds with
3322 // a 503 Service Unavailable error and the given message in its body.
3323 // (If msg is empty, a suitable default message will be sent.)
3324 // After such a timeout, writes by h to its ResponseWriter will return
3325 // ErrHandlerTimeout.
3326 //
3327 // TimeoutHandler supports the Pusher interface but does not support
3328 // the Hijacker or Flusher interfaces.
3334 }
3335 }
3337 // ErrHandlerTimeout is returned on ResponseWriter Write calls
3338 // in handlers which have timed out.
3342 handler Handler
3343 body string
3344 dt time.Duration
3346 // When set, no context will be created and this context will
3347 // be used instead.
3348 testContext context.Context
3349 }
3354 }
3356 }
3364 }
3371 }
3376 panicChan <- p
3377 }
3378 }()
3381 }()
3391 }
3394 }
3408 }
3409 }
3410 }
3413 w ResponseWriter
3414 h Header
3415 wbuf bytes.Buffer
3416 req *Request
3418 mu sync.Mutex
3419 err error
3420 wroteHeader bool
3421 code int
3422 }
3426 // Push implements the Pusher interface.
3430 }
3431 return ErrNotSupported
3432 }
3441 }
3444 }
3446 }
3453 return
3457 logf(tw.req, "http: superfluous response.WriteHeader call from %s (%s:%d)", caller.Function, path.Base(caller.File), caller.Line)
3458 }
3462 }
3463 }
3469 }
3471 // onceCloseListener wraps a net.Listener, protecting it from
3472 // multiple Close calls.
3474 net.Listener
3475 once sync.Once
3476 closeErr error
3477 }
3482 }
3486 // globalOptionsHandler responds to "OPTIONS *" requests.
3492 // Read up to 4KB of OPTIONS body (as mentioned in the
3493 // spec as being reserved for future use), but anything
3494 // over that is considered a waste of server resources
3495 // (or an attack) and we abort and close the connection,
3496 // courtesy of MaxBytesReader's EOF behavior.
3499 }
3500 }
3502 // initALPNRequest is an HTTP handler that initializes certain
3503 // uninitialized fields in its *Request. Such partially-initialized
3504 // Requests come from ALPN protocol handlers.
3506 ctx context.Context
3508 h serverHandler
3509 }
3511 // BaseContext is an exported but unadvertised http.Handler method
3512 // recognized by x/net/http2 to pass down a context; the TLSNextProto
3513 // API predates context support so we shoehorn through the only
3514 // interface we have available.
3521 }
3524 }
3527 }
3529 }
3531 // loggingConn is used for debugging.
3533 name string
3534 net.Conn
3535 }
3538 uniqNameMu sync.Mutex
3540 )
3549 }
3550 }
3556 return
3557 }
3563 return
3564 }
3570 return
3571 }
3573 // checkConnErrorWriter writes to c.rwc and records any write errors to c.werr.
3574 // It only contains one field (and a pointer field at that), so it
3575 // fits in an interface value without an extra allocation.
3577 c *conn
3578 }
3585 }
3586 return
3587 }
3592 n++
3593 continue
3594 }
3595 break
3596 }
3597 return
3599 }
3605 }
3606 }
3608 }
3610 // tlsRecordHeaderLooksLikeHTTP reports whether a TLS record header
3611 // looks like it might've been a misdirected plaintext HTTP request.
3616 }
3618 }
3620 // MaxBytesHandler returns a Handler that runs h with its ResponseWriter and Request.Body wrapped by a MaxBytesReader.
3623 r2 := *r
3626 })
3627 }