...

Source file src/net/http/request.go

Documentation: net/http

		 1  // Copyright 2009 The Go Authors. All rights reserved.
		 2  // Use of this source code is governed by a BSD-style
		 3  // license that can be found in the LICENSE file.
		 4  
		 5  // HTTP Request reading and parsing.
		 6  
		 7  package http
		 8  
		 9  import (
		10  	"bufio"
		11  	"bytes"
		12  	"context"
		13  	"crypto/tls"
		14  	"encoding/base64"
		15  	"errors"
		16  	"fmt"
		17  	"io"
		18  	"mime"
		19  	"mime/multipart"
		20  	"net"
		21  	"net/http/httptrace"
		22  	"net/http/internal/ascii"
		23  	"net/textproto"
		24  	"net/url"
		25  	urlpkg "net/url"
		26  	"strconv"
		27  	"strings"
		28  	"sync"
		29  
		30  	"golang.org/x/net/idna"
		31  )
		32  
		33  const (
		34  	defaultMaxMemory = 32 << 20 // 32 MB
		35  )
		36  
		37  // ErrMissingFile is returned by FormFile when the provided file field name
		38  // is either not present in the request or not a file field.
		39  var ErrMissingFile = errors.New("http: no such file")
		40  
		41  // ProtocolError represents an HTTP protocol error.
		42  //
		43  // Deprecated: Not all errors in the http package related to protocol errors
		44  // are of type ProtocolError.
		45  type ProtocolError struct {
		46  	ErrorString string
		47  }
		48  
		49  func (pe *ProtocolError) Error() string { return pe.ErrorString }
		50  
		51  var (
		52  	// ErrNotSupported is returned by the Push method of Pusher
		53  	// implementations to indicate that HTTP/2 Push support is not
		54  	// available.
		55  	ErrNotSupported = &ProtocolError{"feature not supported"}
		56  
		57  	// Deprecated: ErrUnexpectedTrailer is no longer returned by
		58  	// anything in the net/http package. Callers should not
		59  	// compare errors against this variable.
		60  	ErrUnexpectedTrailer = &ProtocolError{"trailer header without chunked transfer encoding"}
		61  
		62  	// ErrMissingBoundary is returned by Request.MultipartReader when the
		63  	// request's Content-Type does not include a "boundary" parameter.
		64  	ErrMissingBoundary = &ProtocolError{"no multipart boundary param in Content-Type"}
		65  
		66  	// ErrNotMultipart is returned by Request.MultipartReader when the
		67  	// request's Content-Type is not multipart/form-data.
		68  	ErrNotMultipart = &ProtocolError{"request Content-Type isn't multipart/form-data"}
		69  
		70  	// Deprecated: ErrHeaderTooLong is no longer returned by
		71  	// anything in the net/http package. Callers should not
		72  	// compare errors against this variable.
		73  	ErrHeaderTooLong = &ProtocolError{"header too long"}
		74  
		75  	// Deprecated: ErrShortBody is no longer returned by
		76  	// anything in the net/http package. Callers should not
		77  	// compare errors against this variable.
		78  	ErrShortBody = &ProtocolError{"entity body too short"}
		79  
		80  	// Deprecated: ErrMissingContentLength is no longer returned by
		81  	// anything in the net/http package. Callers should not
		82  	// compare errors against this variable.
		83  	ErrMissingContentLength = &ProtocolError{"missing ContentLength in HEAD response"}
		84  )
		85  
		86  func badStringError(what, val string) error { return fmt.Errorf("%s %q", what, val) }
		87  
		88  // Headers that Request.Write handles itself and should be skipped.
		89  var reqWriteExcludeHeader = map[string]bool{
		90  	"Host":							true, // not in Header map anyway
		91  	"User-Agent":				true,
		92  	"Content-Length":		true,
		93  	"Transfer-Encoding": true,
		94  	"Trailer":					 true,
		95  }
		96  
		97  // A Request represents an HTTP request received by a server
		98  // or to be sent by a client.
		99  //
	 100  // The field semantics differ slightly between client and server
	 101  // usage. In addition to the notes on the fields below, see the
	 102  // documentation for Request.Write and RoundTripper.
	 103  type Request struct {
	 104  	// Method specifies the HTTP method (GET, POST, PUT, etc.).
	 105  	// For client requests, an empty string means GET.
	 106  	//
	 107  	// Go's HTTP client does not support sending a request with
	 108  	// the CONNECT method. See the documentation on Transport for
	 109  	// details.
	 110  	Method string
	 111  
	 112  	// URL specifies either the URI being requested (for server
	 113  	// requests) or the URL to access (for client requests).
	 114  	//
	 115  	// For server requests, the URL is parsed from the URI
	 116  	// supplied on the Request-Line as stored in RequestURI.	For
	 117  	// most requests, fields other than Path and RawQuery will be
	 118  	// empty. (See RFC 7230, Section 5.3)
	 119  	//
	 120  	// For client requests, the URL's Host specifies the server to
	 121  	// connect to, while the Request's Host field optionally
	 122  	// specifies the Host header value to send in the HTTP
	 123  	// request.
	 124  	URL *url.URL
	 125  
	 126  	// The protocol version for incoming server requests.
	 127  	//
	 128  	// For client requests, these fields are ignored. The HTTP
	 129  	// client code always uses either HTTP/1.1 or HTTP/2.
	 130  	// See the docs on Transport for details.
	 131  	Proto			string // "HTTP/1.0"
	 132  	ProtoMajor int		// 1
	 133  	ProtoMinor int		// 0
	 134  
	 135  	// Header contains the request header fields either received
	 136  	// by the server or to be sent by the client.
	 137  	//
	 138  	// If a server received a request with header lines,
	 139  	//
	 140  	//	Host: example.com
	 141  	//	accept-encoding: gzip, deflate
	 142  	//	Accept-Language: en-us
	 143  	//	fOO: Bar
	 144  	//	foo: two
	 145  	//
	 146  	// then
	 147  	//
	 148  	//	Header = map[string][]string{
	 149  	//		"Accept-Encoding": {"gzip, deflate"},
	 150  	//		"Accept-Language": {"en-us"},
	 151  	//		"Foo": {"Bar", "two"},
	 152  	//	}
	 153  	//
	 154  	// For incoming requests, the Host header is promoted to the
	 155  	// Request.Host field and removed from the Header map.
	 156  	//
	 157  	// HTTP defines that header names are case-insensitive. The
	 158  	// request parser implements this by using CanonicalHeaderKey,
	 159  	// making the first character and any characters following a
	 160  	// hyphen uppercase and the rest lowercase.
	 161  	//
	 162  	// For client requests, certain headers such as Content-Length
	 163  	// and Connection are automatically written when needed and
	 164  	// values in Header may be ignored. See the documentation
	 165  	// for the Request.Write method.
	 166  	Header Header
	 167  
	 168  	// Body is the request's body.
	 169  	//
	 170  	// For client requests, a nil body means the request has no
	 171  	// body, such as a GET request. The HTTP Client's Transport
	 172  	// is responsible for calling the Close method.
	 173  	//
	 174  	// For server requests, the Request Body is always non-nil
	 175  	// but will return EOF immediately when no body is present.
	 176  	// The Server will close the request body. The ServeHTTP
	 177  	// Handler does not need to.
	 178  	//
	 179  	// Body must allow Read to be called concurrently with Close.
	 180  	// In particular, calling Close should unblock a Read waiting
	 181  	// for input.
	 182  	Body io.ReadCloser
	 183  
	 184  	// GetBody defines an optional func to return a new copy of
	 185  	// Body. It is used for client requests when a redirect requires
	 186  	// reading the body more than once. Use of GetBody still
	 187  	// requires setting Body.
	 188  	//
	 189  	// For server requests, it is unused.
	 190  	GetBody func() (io.ReadCloser, error)
	 191  
	 192  	// ContentLength records the length of the associated content.
	 193  	// The value -1 indicates that the length is unknown.
	 194  	// Values >= 0 indicate that the given number of bytes may
	 195  	// be read from Body.
	 196  	//
	 197  	// For client requests, a value of 0 with a non-nil Body is
	 198  	// also treated as unknown.
	 199  	ContentLength int64
	 200  
	 201  	// TransferEncoding lists the transfer encodings from outermost to
	 202  	// innermost. An empty list denotes the "identity" encoding.
	 203  	// TransferEncoding can usually be ignored; chunked encoding is
	 204  	// automatically added and removed as necessary when sending and
	 205  	// receiving requests.
	 206  	TransferEncoding []string
	 207  
	 208  	// Close indicates whether to close the connection after
	 209  	// replying to this request (for servers) or after sending this
	 210  	// request and reading its response (for clients).
	 211  	//
	 212  	// For server requests, the HTTP server handles this automatically
	 213  	// and this field is not needed by Handlers.
	 214  	//
	 215  	// For client requests, setting this field prevents re-use of
	 216  	// TCP connections between requests to the same hosts, as if
	 217  	// Transport.DisableKeepAlives were set.
	 218  	Close bool
	 219  
	 220  	// For server requests, Host specifies the host on which the
	 221  	// URL is sought. For HTTP/1 (per RFC 7230, section 5.4), this
	 222  	// is either the value of the "Host" header or the host name
	 223  	// given in the URL itself. For HTTP/2, it is the value of the
	 224  	// ":authority" pseudo-header field.
	 225  	// It may be of the form "host:port". For international domain
	 226  	// names, Host may be in Punycode or Unicode form. Use
	 227  	// golang.org/x/net/idna to convert it to either format if
	 228  	// needed.
	 229  	// To prevent DNS rebinding attacks, server Handlers should
	 230  	// validate that the Host header has a value for which the
	 231  	// Handler considers itself authoritative. The included
	 232  	// ServeMux supports patterns registered to particular host
	 233  	// names and thus protects its registered Handlers.
	 234  	//
	 235  	// For client requests, Host optionally overrides the Host
	 236  	// header to send. If empty, the Request.Write method uses
	 237  	// the value of URL.Host. Host may contain an international
	 238  	// domain name.
	 239  	Host string
	 240  
	 241  	// Form contains the parsed form data, including both the URL
	 242  	// field's query parameters and the PATCH, POST, or PUT form data.
	 243  	// This field is only available after ParseForm is called.
	 244  	// The HTTP client ignores Form and uses Body instead.
	 245  	Form url.Values
	 246  
	 247  	// PostForm contains the parsed form data from PATCH, POST
	 248  	// or PUT body parameters.
	 249  	//
	 250  	// This field is only available after ParseForm is called.
	 251  	// The HTTP client ignores PostForm and uses Body instead.
	 252  	PostForm url.Values
	 253  
	 254  	// MultipartForm is the parsed multipart form, including file uploads.
	 255  	// This field is only available after ParseMultipartForm is called.
	 256  	// The HTTP client ignores MultipartForm and uses Body instead.
	 257  	MultipartForm *multipart.Form
	 258  
	 259  	// Trailer specifies additional headers that are sent after the request
	 260  	// body.
	 261  	//
	 262  	// For server requests, the Trailer map initially contains only the
	 263  	// trailer keys, with nil values. (The client declares which trailers it
	 264  	// will later send.)	While the handler is reading from Body, it must
	 265  	// not reference Trailer. After reading from Body returns EOF, Trailer
	 266  	// can be read again and will contain non-nil values, if they were sent
	 267  	// by the client.
	 268  	//
	 269  	// For client requests, Trailer must be initialized to a map containing
	 270  	// the trailer keys to later send. The values may be nil or their final
	 271  	// values. The ContentLength must be 0 or -1, to send a chunked request.
	 272  	// After the HTTP request is sent the map values can be updated while
	 273  	// the request body is read. Once the body returns EOF, the caller must
	 274  	// not mutate Trailer.
	 275  	//
	 276  	// Few HTTP clients, servers, or proxies support HTTP trailers.
	 277  	Trailer Header
	 278  
	 279  	// RemoteAddr allows HTTP servers and other software to record
	 280  	// the network address that sent the request, usually for
	 281  	// logging. This field is not filled in by ReadRequest and
	 282  	// has no defined format. The HTTP server in this package
	 283  	// sets RemoteAddr to an "IP:port" address before invoking a
	 284  	// handler.
	 285  	// This field is ignored by the HTTP client.
	 286  	RemoteAddr string
	 287  
	 288  	// RequestURI is the unmodified request-target of the
	 289  	// Request-Line (RFC 7230, Section 3.1.1) as sent by the client
	 290  	// to a server. Usually the URL field should be used instead.
	 291  	// It is an error to set this field in an HTTP client request.
	 292  	RequestURI string
	 293  
	 294  	// TLS allows HTTP servers and other software to record
	 295  	// information about the TLS connection on which the request
	 296  	// was received. This field is not filled in by ReadRequest.
	 297  	// The HTTP server in this package sets the field for
	 298  	// TLS-enabled connections before invoking a handler;
	 299  	// otherwise it leaves the field nil.
	 300  	// This field is ignored by the HTTP client.
	 301  	TLS *tls.ConnectionState
	 302  
	 303  	// Cancel is an optional channel whose closure indicates that the client
	 304  	// request should be regarded as canceled. Not all implementations of
	 305  	// RoundTripper may support Cancel.
	 306  	//
	 307  	// For server requests, this field is not applicable.
	 308  	//
	 309  	// Deprecated: Set the Request's context with NewRequestWithContext
	 310  	// instead. If a Request's Cancel field and context are both
	 311  	// set, it is undefined whether Cancel is respected.
	 312  	Cancel <-chan struct{}
	 313  
	 314  	// Response is the redirect response which caused this request
	 315  	// to be created. This field is only populated during client
	 316  	// redirects.
	 317  	Response *Response
	 318  
	 319  	// ctx is either the client or server context. It should only
	 320  	// be modified via copying the whole Request using WithContext.
	 321  	// It is unexported to prevent people from using Context wrong
	 322  	// and mutating the contexts held by callers of the same request.
	 323  	ctx context.Context
	 324  }
	 325  
	 326  // Context returns the request's context. To change the context, use
	 327  // WithContext.
	 328  //
	 329  // The returned context is always non-nil; it defaults to the
	 330  // background context.
	 331  //
	 332  // For outgoing client requests, the context controls cancellation.
	 333  //
	 334  // For incoming server requests, the context is canceled when the
	 335  // client's connection closes, the request is canceled (with HTTP/2),
	 336  // or when the ServeHTTP method returns.
	 337  func (r *Request) Context() context.Context {
	 338  	if r.ctx != nil {
	 339  		return r.ctx
	 340  	}
	 341  	return context.Background()
	 342  }
	 343  
	 344  // WithContext returns a shallow copy of r with its context changed
	 345  // to ctx. The provided ctx must be non-nil.
	 346  //
	 347  // For outgoing client request, the context controls the entire
	 348  // lifetime of a request and its response: obtaining a connection,
	 349  // sending the request, and reading the response headers and body.
	 350  //
	 351  // To create a new request with a context, use NewRequestWithContext.
	 352  // To change the context of a request, such as an incoming request you
	 353  // want to modify before sending back out, use Request.Clone. Between
	 354  // those two uses, it's rare to need WithContext.
	 355  func (r *Request) WithContext(ctx context.Context) *Request {
	 356  	if ctx == nil {
	 357  		panic("nil context")
	 358  	}
	 359  	r2 := new(Request)
	 360  	*r2 = *r
	 361  	r2.ctx = ctx
	 362  	r2.URL = cloneURL(r.URL) // legacy behavior; TODO: try to remove. Issue 23544
	 363  	return r2
	 364  }
	 365  
	 366  // Clone returns a deep copy of r with its context changed to ctx.
	 367  // The provided ctx must be non-nil.
	 368  //
	 369  // For an outgoing client request, the context controls the entire
	 370  // lifetime of a request and its response: obtaining a connection,
	 371  // sending the request, and reading the response headers and body.
	 372  func (r *Request) Clone(ctx context.Context) *Request {
	 373  	if ctx == nil {
	 374  		panic("nil context")
	 375  	}
	 376  	r2 := new(Request)
	 377  	*r2 = *r
	 378  	r2.ctx = ctx
	 379  	r2.URL = cloneURL(r.URL)
	 380  	if r.Header != nil {
	 381  		r2.Header = r.Header.Clone()
	 382  	}
	 383  	if r.Trailer != nil {
	 384  		r2.Trailer = r.Trailer.Clone()
	 385  	}
	 386  	if s := r.TransferEncoding; s != nil {
	 387  		s2 := make([]string, len(s))
	 388  		copy(s2, s)
	 389  		r2.TransferEncoding = s2
	 390  	}
	 391  	r2.Form = cloneURLValues(r.Form)
	 392  	r2.PostForm = cloneURLValues(r.PostForm)
	 393  	r2.MultipartForm = cloneMultipartForm(r.MultipartForm)
	 394  	return r2
	 395  }
	 396  
	 397  // ProtoAtLeast reports whether the HTTP protocol used
	 398  // in the request is at least major.minor.
	 399  func (r *Request) ProtoAtLeast(major, minor int) bool {
	 400  	return r.ProtoMajor > major ||
	 401  		r.ProtoMajor == major && r.ProtoMinor >= minor
	 402  }
	 403  
	 404  // UserAgent returns the client's User-Agent, if sent in the request.
	 405  func (r *Request) UserAgent() string {
	 406  	return r.Header.Get("User-Agent")
	 407  }
	 408  
	 409  // Cookies parses and returns the HTTP cookies sent with the request.
	 410  func (r *Request) Cookies() []*Cookie {
	 411  	return readCookies(r.Header, "")
	 412  }
	 413  
	 414  // ErrNoCookie is returned by Request's Cookie method when a cookie is not found.
	 415  var ErrNoCookie = errors.New("http: named cookie not present")
	 416  
	 417  // Cookie returns the named cookie provided in the request or
	 418  // ErrNoCookie if not found.
	 419  // If multiple cookies match the given name, only one cookie will
	 420  // be returned.
	 421  func (r *Request) Cookie(name string) (*Cookie, error) {
	 422  	for _, c := range readCookies(r.Header, name) {
	 423  		return c, nil
	 424  	}
	 425  	return nil, ErrNoCookie
	 426  }
	 427  
	 428  // AddCookie adds a cookie to the request. Per RFC 6265 section 5.4,
	 429  // AddCookie does not attach more than one Cookie header field. That
	 430  // means all cookies, if any, are written into the same line,
	 431  // separated by semicolon.
	 432  // AddCookie only sanitizes c's name and value, and does not sanitize
	 433  // a Cookie header already present in the request.
	 434  func (r *Request) AddCookie(c *Cookie) {
	 435  	s := fmt.Sprintf("%s=%s", sanitizeCookieName(c.Name), sanitizeCookieValue(c.Value))
	 436  	if c := r.Header.Get("Cookie"); c != "" {
	 437  		r.Header.Set("Cookie", c+"; "+s)
	 438  	} else {
	 439  		r.Header.Set("Cookie", s)
	 440  	}
	 441  }
	 442  
	 443  // Referer returns the referring URL, if sent in the request.
	 444  //
	 445  // Referer is misspelled as in the request itself, a mistake from the
	 446  // earliest days of HTTP.	This value can also be fetched from the
	 447  // Header map as Header["Referer"]; the benefit of making it available
	 448  // as a method is that the compiler can diagnose programs that use the
	 449  // alternate (correct English) spelling req.Referrer() but cannot
	 450  // diagnose programs that use Header["Referrer"].
	 451  func (r *Request) Referer() string {
	 452  	return r.Header.Get("Referer")
	 453  }
	 454  
	 455  // multipartByReader is a sentinel value.
	 456  // Its presence in Request.MultipartForm indicates that parsing of the request
	 457  // body has been handed off to a MultipartReader instead of ParseMultipartForm.
	 458  var multipartByReader = &multipart.Form{
	 459  	Value: make(map[string][]string),
	 460  	File:	make(map[string][]*multipart.FileHeader),
	 461  }
	 462  
	 463  // MultipartReader returns a MIME multipart reader if this is a
	 464  // multipart/form-data or a multipart/mixed POST request, else returns nil and an error.
	 465  // Use this function instead of ParseMultipartForm to
	 466  // process the request body as a stream.
	 467  func (r *Request) MultipartReader() (*multipart.Reader, error) {
	 468  	if r.MultipartForm == multipartByReader {
	 469  		return nil, errors.New("http: MultipartReader called twice")
	 470  	}
	 471  	if r.MultipartForm != nil {
	 472  		return nil, errors.New("http: multipart handled by ParseMultipartForm")
	 473  	}
	 474  	r.MultipartForm = multipartByReader
	 475  	return r.multipartReader(true)
	 476  }
	 477  
	 478  func (r *Request) multipartReader(allowMixed bool) (*multipart.Reader, error) {
	 479  	v := r.Header.Get("Content-Type")
	 480  	if v == "" {
	 481  		return nil, ErrNotMultipart
	 482  	}
	 483  	d, params, err := mime.ParseMediaType(v)
	 484  	if err != nil || !(d == "multipart/form-data" || allowMixed && d == "multipart/mixed") {
	 485  		return nil, ErrNotMultipart
	 486  	}
	 487  	boundary, ok := params["boundary"]
	 488  	if !ok {
	 489  		return nil, ErrMissingBoundary
	 490  	}
	 491  	return multipart.NewReader(r.Body, boundary), nil
	 492  }
	 493  
	 494  // isH2Upgrade reports whether r represents the http2 "client preface"
	 495  // magic string.
	 496  func (r *Request) isH2Upgrade() bool {
	 497  	return r.Method == "PRI" && len(r.Header) == 0 && r.URL.Path == "*" && r.Proto == "HTTP/2.0"
	 498  }
	 499  
	 500  // Return value if nonempty, def otherwise.
	 501  func valueOrDefault(value, def string) string {
	 502  	if value != "" {
	 503  		return value
	 504  	}
	 505  	return def
	 506  }
	 507  
	 508  // NOTE: This is not intended to reflect the actual Go version being used.
	 509  // It was changed at the time of Go 1.1 release because the former User-Agent
	 510  // had ended up blocked by some intrusion detection systems.
	 511  // See https://codereview.appspot.com/7532043.
	 512  const defaultUserAgent = "Go-http-client/1.1"
	 513  
	 514  // Write writes an HTTP/1.1 request, which is the header and body, in wire format.
	 515  // This method consults the following fields of the request:
	 516  //	Host
	 517  //	URL
	 518  //	Method (defaults to "GET")
	 519  //	Header
	 520  //	ContentLength
	 521  //	TransferEncoding
	 522  //	Body
	 523  //
	 524  // If Body is present, Content-Length is <= 0 and TransferEncoding
	 525  // hasn't been set to "identity", Write adds "Transfer-Encoding:
	 526  // chunked" to the header. Body is closed after it is sent.
	 527  func (r *Request) Write(w io.Writer) error {
	 528  	return r.write(w, false, nil, nil)
	 529  }
	 530  
	 531  // WriteProxy is like Write but writes the request in the form
	 532  // expected by an HTTP proxy. In particular, WriteProxy writes the
	 533  // initial Request-URI line of the request with an absolute URI, per
	 534  // section 5.3 of RFC 7230, including the scheme and host.
	 535  // In either case, WriteProxy also writes a Host header, using
	 536  // either r.Host or r.URL.Host.
	 537  func (r *Request) WriteProxy(w io.Writer) error {
	 538  	return r.write(w, true, nil, nil)
	 539  }
	 540  
	 541  // errMissingHost is returned by Write when there is no Host or URL present in
	 542  // the Request.
	 543  var errMissingHost = errors.New("http: Request.Write on Request with no Host or URL set")
	 544  
	 545  // extraHeaders may be nil
	 546  // waitForContinue may be nil
	 547  // always closes body
	 548  func (r *Request) write(w io.Writer, usingProxy bool, extraHeaders Header, waitForContinue func() bool) (err error) {
	 549  	trace := httptrace.ContextClientTrace(r.Context())
	 550  	if trace != nil && trace.WroteRequest != nil {
	 551  		defer func() {
	 552  			trace.WroteRequest(httptrace.WroteRequestInfo{
	 553  				Err: err,
	 554  			})
	 555  		}()
	 556  	}
	 557  	closed := false
	 558  	defer func() {
	 559  		if closed {
	 560  			return
	 561  		}
	 562  		if closeErr := r.closeBody(); closeErr != nil && err == nil {
	 563  			err = closeErr
	 564  		}
	 565  	}()
	 566  
	 567  	// Find the target host. Prefer the Host: header, but if that
	 568  	// is not given, use the host from the request URL.
	 569  	//
	 570  	// Clean the host, in case it arrives with unexpected stuff in it.
	 571  	host := cleanHost(r.Host)
	 572  	if host == "" {
	 573  		if r.URL == nil {
	 574  			return errMissingHost
	 575  		}
	 576  		host = cleanHost(r.URL.Host)
	 577  	}
	 578  
	 579  	// According to RFC 6874, an HTTP client, proxy, or other
	 580  	// intermediary must remove any IPv6 zone identifier attached
	 581  	// to an outgoing URI.
	 582  	host = removeZone(host)
	 583  
	 584  	ruri := r.URL.RequestURI()
	 585  	if usingProxy && r.URL.Scheme != "" && r.URL.Opaque == "" {
	 586  		ruri = r.URL.Scheme + "://" + host + ruri
	 587  	} else if r.Method == "CONNECT" && r.URL.Path == "" {
	 588  		// CONNECT requests normally give just the host and port, not a full URL.
	 589  		ruri = host
	 590  		if r.URL.Opaque != "" {
	 591  			ruri = r.URL.Opaque
	 592  		}
	 593  	}
	 594  	if stringContainsCTLByte(ruri) {
	 595  		return errors.New("net/http: can't write control character in Request.URL")
	 596  	}
	 597  	// TODO: validate r.Method too? At least it's less likely to
	 598  	// come from an attacker (more likely to be a constant in
	 599  	// code).
	 600  
	 601  	// Wrap the writer in a bufio Writer if it's not already buffered.
	 602  	// Don't always call NewWriter, as that forces a bytes.Buffer
	 603  	// and other small bufio Writers to have a minimum 4k buffer
	 604  	// size.
	 605  	var bw *bufio.Writer
	 606  	if _, ok := w.(io.ByteWriter); !ok {
	 607  		bw = bufio.NewWriter(w)
	 608  		w = bw
	 609  	}
	 610  
	 611  	_, err = fmt.Fprintf(w, "%s %s HTTP/1.1\r\n", valueOrDefault(r.Method, "GET"), ruri)
	 612  	if err != nil {
	 613  		return err
	 614  	}
	 615  
	 616  	// Header lines
	 617  	_, err = fmt.Fprintf(w, "Host: %s\r\n", host)
	 618  	if err != nil {
	 619  		return err
	 620  	}
	 621  	if trace != nil && trace.WroteHeaderField != nil {
	 622  		trace.WroteHeaderField("Host", []string{host})
	 623  	}
	 624  
	 625  	// Use the defaultUserAgent unless the Header contains one, which
	 626  	// may be blank to not send the header.
	 627  	userAgent := defaultUserAgent
	 628  	if r.Header.has("User-Agent") {
	 629  		userAgent = r.Header.Get("User-Agent")
	 630  	}
	 631  	if userAgent != "" {
	 632  		_, err = fmt.Fprintf(w, "User-Agent: %s\r\n", userAgent)
	 633  		if err != nil {
	 634  			return err
	 635  		}
	 636  		if trace != nil && trace.WroteHeaderField != nil {
	 637  			trace.WroteHeaderField("User-Agent", []string{userAgent})
	 638  		}
	 639  	}
	 640  
	 641  	// Process Body,ContentLength,Close,Trailer
	 642  	tw, err := newTransferWriter(r)
	 643  	if err != nil {
	 644  		return err
	 645  	}
	 646  	err = tw.writeHeader(w, trace)
	 647  	if err != nil {
	 648  		return err
	 649  	}
	 650  
	 651  	err = r.Header.writeSubset(w, reqWriteExcludeHeader, trace)
	 652  	if err != nil {
	 653  		return err
	 654  	}
	 655  
	 656  	if extraHeaders != nil {
	 657  		err = extraHeaders.write(w, trace)
	 658  		if err != nil {
	 659  			return err
	 660  		}
	 661  	}
	 662  
	 663  	_, err = io.WriteString(w, "\r\n")
	 664  	if err != nil {
	 665  		return err
	 666  	}
	 667  
	 668  	if trace != nil && trace.WroteHeaders != nil {
	 669  		trace.WroteHeaders()
	 670  	}
	 671  
	 672  	// Flush and wait for 100-continue if expected.
	 673  	if waitForContinue != nil {
	 674  		if bw, ok := w.(*bufio.Writer); ok {
	 675  			err = bw.Flush()
	 676  			if err != nil {
	 677  				return err
	 678  			}
	 679  		}
	 680  		if trace != nil && trace.Wait100Continue != nil {
	 681  			trace.Wait100Continue()
	 682  		}
	 683  		if !waitForContinue() {
	 684  			closed = true
	 685  			r.closeBody()
	 686  			return nil
	 687  		}
	 688  	}
	 689  
	 690  	if bw, ok := w.(*bufio.Writer); ok && tw.FlushHeaders {
	 691  		if err := bw.Flush(); err != nil {
	 692  			return err
	 693  		}
	 694  	}
	 695  
	 696  	// Write body and trailer
	 697  	closed = true
	 698  	err = tw.writeBody(w)
	 699  	if err != nil {
	 700  		if tw.bodyReadError == err {
	 701  			err = requestBodyReadError{err}
	 702  		}
	 703  		return err
	 704  	}
	 705  
	 706  	if bw != nil {
	 707  		return bw.Flush()
	 708  	}
	 709  	return nil
	 710  }
	 711  
	 712  // requestBodyReadError wraps an error from (*Request).write to indicate
	 713  // that the error came from a Read call on the Request.Body.
	 714  // This error type should not escape the net/http package to users.
	 715  type requestBodyReadError struct{ error }
	 716  
	 717  func idnaASCII(v string) (string, error) {
	 718  	// TODO: Consider removing this check after verifying performance is okay.
	 719  	// Right now punycode verification, length checks, context checks, and the
	 720  	// permissible character tests are all omitted. It also prevents the ToASCII
	 721  	// call from salvaging an invalid IDN, when possible. As a result it may be
	 722  	// possible to have two IDNs that appear identical to the user where the
	 723  	// ASCII-only version causes an error downstream whereas the non-ASCII
	 724  	// version does not.
	 725  	// Note that for correct ASCII IDNs ToASCII will only do considerably more
	 726  	// work, but it will not cause an allocation.
	 727  	if ascii.Is(v) {
	 728  		return v, nil
	 729  	}
	 730  	return idna.Lookup.ToASCII(v)
	 731  }
	 732  
	 733  // cleanHost cleans up the host sent in request's Host header.
	 734  //
	 735  // It both strips anything after '/' or ' ', and puts the value
	 736  // into Punycode form, if necessary.
	 737  //
	 738  // Ideally we'd clean the Host header according to the spec:
	 739  //	 https://tools.ietf.org/html/rfc7230#section-5.4 (Host = uri-host [ ":" port ]")
	 740  //	 https://tools.ietf.org/html/rfc7230#section-2.7 (uri-host -> rfc3986's host)
	 741  //	 https://tools.ietf.org/html/rfc3986#section-3.2.2 (definition of host)
	 742  // But practically, what we are trying to avoid is the situation in
	 743  // issue 11206, where a malformed Host header used in the proxy context
	 744  // would create a bad request. So it is enough to just truncate at the
	 745  // first offending character.
	 746  func cleanHost(in string) string {
	 747  	if i := strings.IndexAny(in, " /"); i != -1 {
	 748  		in = in[:i]
	 749  	}
	 750  	host, port, err := net.SplitHostPort(in)
	 751  	if err != nil { // input was just a host
	 752  		a, err := idnaASCII(in)
	 753  		if err != nil {
	 754  			return in // garbage in, garbage out
	 755  		}
	 756  		return a
	 757  	}
	 758  	a, err := idnaASCII(host)
	 759  	if err != nil {
	 760  		return in // garbage in, garbage out
	 761  	}
	 762  	return net.JoinHostPort(a, port)
	 763  }
	 764  
	 765  // removeZone removes IPv6 zone identifier from host.
	 766  // E.g., "[fe80::1%en0]:8080" to "[fe80::1]:8080"
	 767  func removeZone(host string) string {
	 768  	if !strings.HasPrefix(host, "[") {
	 769  		return host
	 770  	}
	 771  	i := strings.LastIndex(host, "]")
	 772  	if i < 0 {
	 773  		return host
	 774  	}
	 775  	j := strings.LastIndex(host[:i], "%")
	 776  	if j < 0 {
	 777  		return host
	 778  	}
	 779  	return host[:j] + host[i:]
	 780  }
	 781  
	 782  // ParseHTTPVersion parses an HTTP version string.
	 783  // "HTTP/1.0" returns (1, 0, true). Note that strings without
	 784  // a minor version, such as "HTTP/2", are not valid.
	 785  func ParseHTTPVersion(vers string) (major, minor int, ok bool) {
	 786  	const Big = 1000000 // arbitrary upper bound
	 787  	switch vers {
	 788  	case "HTTP/1.1":
	 789  		return 1, 1, true
	 790  	case "HTTP/1.0":
	 791  		return 1, 0, true
	 792  	}
	 793  	if !strings.HasPrefix(vers, "HTTP/") {
	 794  		return 0, 0, false
	 795  	}
	 796  	dot := strings.Index(vers, ".")
	 797  	if dot < 0 {
	 798  		return 0, 0, false
	 799  	}
	 800  	major, err := strconv.Atoi(vers[5:dot])
	 801  	if err != nil || major < 0 || major > Big {
	 802  		return 0, 0, false
	 803  	}
	 804  	minor, err = strconv.Atoi(vers[dot+1:])
	 805  	if err != nil || minor < 0 || minor > Big {
	 806  		return 0, 0, false
	 807  	}
	 808  	return major, minor, true
	 809  }
	 810  
	 811  func validMethod(method string) bool {
	 812  	/*
	 813  			 Method				 = "OPTIONS"								; Section 9.2
	 814  											| "GET"										; Section 9.3
	 815  											| "HEAD"									 ; Section 9.4
	 816  											| "POST"									 ; Section 9.5
	 817  											| "PUT"										; Section 9.6
	 818  											| "DELETE"								 ; Section 9.7
	 819  											| "TRACE"									; Section 9.8
	 820  											| "CONNECT"								; Section 9.9
	 821  											| extension-method
	 822  		 extension-method = token
	 823  			 token					= 1*<any CHAR except CTLs or separators>
	 824  	*/
	 825  	return len(method) > 0 && strings.IndexFunc(method, isNotToken) == -1
	 826  }
	 827  
	 828  // NewRequest wraps NewRequestWithContext using context.Background.
	 829  func NewRequest(method, url string, body io.Reader) (*Request, error) {
	 830  	return NewRequestWithContext(context.Background(), method, url, body)
	 831  }
	 832  
	 833  // NewRequestWithContext returns a new Request given a method, URL, and
	 834  // optional body.
	 835  //
	 836  // If the provided body is also an io.Closer, the returned
	 837  // Request.Body is set to body and will be closed by the Client
	 838  // methods Do, Post, and PostForm, and Transport.RoundTrip.
	 839  //
	 840  // NewRequestWithContext returns a Request suitable for use with
	 841  // Client.Do or Transport.RoundTrip. To create a request for use with
	 842  // testing a Server Handler, either use the NewRequest function in the
	 843  // net/http/httptest package, use ReadRequest, or manually update the
	 844  // Request fields. For an outgoing client request, the context
	 845  // controls the entire lifetime of a request and its response:
	 846  // obtaining a connection, sending the request, and reading the
	 847  // response headers and body. See the Request type's documentation for
	 848  // the difference between inbound and outbound request fields.
	 849  //
	 850  // If body is of type *bytes.Buffer, *bytes.Reader, or
	 851  // *strings.Reader, the returned request's ContentLength is set to its
	 852  // exact value (instead of -1), GetBody is populated (so 307 and 308
	 853  // redirects can replay the body), and Body is set to NoBody if the
	 854  // ContentLength is 0.
	 855  func NewRequestWithContext(ctx context.Context, method, url string, body io.Reader) (*Request, error) {
	 856  	if method == "" {
	 857  		// We document that "" means "GET" for Request.Method, and people have
	 858  		// relied on that from NewRequest, so keep that working.
	 859  		// We still enforce validMethod for non-empty methods.
	 860  		method = "GET"
	 861  	}
	 862  	if !validMethod(method) {
	 863  		return nil, fmt.Errorf("net/http: invalid method %q", method)
	 864  	}
	 865  	if ctx == nil {
	 866  		return nil, errors.New("net/http: nil Context")
	 867  	}
	 868  	u, err := urlpkg.Parse(url)
	 869  	if err != nil {
	 870  		return nil, err
	 871  	}
	 872  	rc, ok := body.(io.ReadCloser)
	 873  	if !ok && body != nil {
	 874  		rc = io.NopCloser(body)
	 875  	}
	 876  	// The host's colon:port should be normalized. See Issue 14836.
	 877  	u.Host = removeEmptyPort(u.Host)
	 878  	req := &Request{
	 879  		ctx:				ctx,
	 880  		Method:		 method,
	 881  		URL:				u,
	 882  		Proto:			"HTTP/1.1",
	 883  		ProtoMajor: 1,
	 884  		ProtoMinor: 1,
	 885  		Header:		 make(Header),
	 886  		Body:			 rc,
	 887  		Host:			 u.Host,
	 888  	}
	 889  	if body != nil {
	 890  		switch v := body.(type) {
	 891  		case *bytes.Buffer:
	 892  			req.ContentLength = int64(v.Len())
	 893  			buf := v.Bytes()
	 894  			req.GetBody = func() (io.ReadCloser, error) {
	 895  				r := bytes.NewReader(buf)
	 896  				return io.NopCloser(r), nil
	 897  			}
	 898  		case *bytes.Reader:
	 899  			req.ContentLength = int64(v.Len())
	 900  			snapshot := *v
	 901  			req.GetBody = func() (io.ReadCloser, error) {
	 902  				r := snapshot
	 903  				return io.NopCloser(&r), nil
	 904  			}
	 905  		case *strings.Reader:
	 906  			req.ContentLength = int64(v.Len())
	 907  			snapshot := *v
	 908  			req.GetBody = func() (io.ReadCloser, error) {
	 909  				r := snapshot
	 910  				return io.NopCloser(&r), nil
	 911  			}
	 912  		default:
	 913  			// This is where we'd set it to -1 (at least
	 914  			// if body != NoBody) to mean unknown, but
	 915  			// that broke people during the Go 1.8 testing
	 916  			// period. People depend on it being 0 I
	 917  			// guess. Maybe retry later. See Issue 18117.
	 918  		}
	 919  		// For client requests, Request.ContentLength of 0
	 920  		// means either actually 0, or unknown. The only way
	 921  		// to explicitly say that the ContentLength is zero is
	 922  		// to set the Body to nil. But turns out too much code
	 923  		// depends on NewRequest returning a non-nil Body,
	 924  		// so we use a well-known ReadCloser variable instead
	 925  		// and have the http package also treat that sentinel
	 926  		// variable to mean explicitly zero.
	 927  		if req.GetBody != nil && req.ContentLength == 0 {
	 928  			req.Body = NoBody
	 929  			req.GetBody = func() (io.ReadCloser, error) { return NoBody, nil }
	 930  		}
	 931  	}
	 932  
	 933  	return req, nil
	 934  }
	 935  
	 936  // BasicAuth returns the username and password provided in the request's
	 937  // Authorization header, if the request uses HTTP Basic Authentication.
	 938  // See RFC 2617, Section 2.
	 939  func (r *Request) BasicAuth() (username, password string, ok bool) {
	 940  	auth := r.Header.Get("Authorization")
	 941  	if auth == "" {
	 942  		return
	 943  	}
	 944  	return parseBasicAuth(auth)
	 945  }
	 946  
	 947  // parseBasicAuth parses an HTTP Basic Authentication string.
	 948  // "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==" returns ("Aladdin", "open sesame", true).
	 949  func parseBasicAuth(auth string) (username, password string, ok bool) {
	 950  	const prefix = "Basic "
	 951  	// Case insensitive prefix match. See Issue 22736.
	 952  	if len(auth) < len(prefix) || !ascii.EqualFold(auth[:len(prefix)], prefix) {
	 953  		return
	 954  	}
	 955  	c, err := base64.StdEncoding.DecodeString(auth[len(prefix):])
	 956  	if err != nil {
	 957  		return
	 958  	}
	 959  	cs := string(c)
	 960  	s := strings.IndexByte(cs, ':')
	 961  	if s < 0 {
	 962  		return
	 963  	}
	 964  	return cs[:s], cs[s+1:], true
	 965  }
	 966  
	 967  // SetBasicAuth sets the request's Authorization header to use HTTP
	 968  // Basic Authentication with the provided username and password.
	 969  //
	 970  // With HTTP Basic Authentication the provided username and password
	 971  // are not encrypted.
	 972  //
	 973  // Some protocols may impose additional requirements on pre-escaping the
	 974  // username and password. For instance, when used with OAuth2, both arguments
	 975  // must be URL encoded first with url.QueryEscape.
	 976  func (r *Request) SetBasicAuth(username, password string) {
	 977  	r.Header.Set("Authorization", "Basic "+basicAuth(username, password))
	 978  }
	 979  
	 980  // parseRequestLine parses "GET /foo HTTP/1.1" into its three parts.
	 981  func parseRequestLine(line string) (method, requestURI, proto string, ok bool) {
	 982  	s1 := strings.Index(line, " ")
	 983  	s2 := strings.Index(line[s1+1:], " ")
	 984  	if s1 < 0 || s2 < 0 {
	 985  		return
	 986  	}
	 987  	s2 += s1 + 1
	 988  	return line[:s1], line[s1+1 : s2], line[s2+1:], true
	 989  }
	 990  
	 991  var textprotoReaderPool sync.Pool
	 992  
	 993  func newTextprotoReader(br *bufio.Reader) *textproto.Reader {
	 994  	if v := textprotoReaderPool.Get(); v != nil {
	 995  		tr := v.(*textproto.Reader)
	 996  		tr.R = br
	 997  		return tr
	 998  	}
	 999  	return textproto.NewReader(br)
	1000  }
	1001  
	1002  func putTextprotoReader(r *textproto.Reader) {
	1003  	r.R = nil
	1004  	textprotoReaderPool.Put(r)
	1005  }
	1006  
	1007  // ReadRequest reads and parses an incoming request from b.
	1008  //
	1009  // ReadRequest is a low-level function and should only be used for
	1010  // specialized applications; most code should use the Server to read
	1011  // requests and handle them via the Handler interface. ReadRequest
	1012  // only supports HTTP/1.x requests. For HTTP/2, use golang.org/x/net/http2.
	1013  func ReadRequest(b *bufio.Reader) (*Request, error) {
	1014  	req, err := readRequest(b)
	1015  	if err != nil {
	1016  		return nil, err
	1017  	}
	1018  
	1019  	delete(req.Header, "Host")
	1020  	return req, err
	1021  }
	1022  
	1023  func readRequest(b *bufio.Reader) (req *Request, err error) {
	1024  	tp := newTextprotoReader(b)
	1025  	req = new(Request)
	1026  
	1027  	// First line: GET /index.html HTTP/1.0
	1028  	var s string
	1029  	if s, err = tp.ReadLine(); err != nil {
	1030  		return nil, err
	1031  	}
	1032  	defer func() {
	1033  		putTextprotoReader(tp)
	1034  		if err == io.EOF {
	1035  			err = io.ErrUnexpectedEOF
	1036  		}
	1037  	}()
	1038  
	1039  	var ok bool
	1040  	req.Method, req.RequestURI, req.Proto, ok = parseRequestLine(s)
	1041  	if !ok {
	1042  		return nil, badStringError("malformed HTTP request", s)
	1043  	}
	1044  	if !validMethod(req.Method) {
	1045  		return nil, badStringError("invalid method", req.Method)
	1046  	}
	1047  	rawurl := req.RequestURI
	1048  	if req.ProtoMajor, req.ProtoMinor, ok = ParseHTTPVersion(req.Proto); !ok {
	1049  		return nil, badStringError("malformed HTTP version", req.Proto)
	1050  	}
	1051  
	1052  	// CONNECT requests are used two different ways, and neither uses a full URL:
	1053  	// The standard use is to tunnel HTTPS through an HTTP proxy.
	1054  	// It looks like "CONNECT www.google.com:443 HTTP/1.1", and the parameter is
	1055  	// just the authority section of a URL. This information should go in req.URL.Host.
	1056  	//
	1057  	// The net/rpc package also uses CONNECT, but there the parameter is a path
	1058  	// that starts with a slash. It can be parsed with the regular URL parser,
	1059  	// and the path will end up in req.URL.Path, where it needs to be in order for
	1060  	// RPC to work.
	1061  	justAuthority := req.Method == "CONNECT" && !strings.HasPrefix(rawurl, "/")
	1062  	if justAuthority {
	1063  		rawurl = "http://" + rawurl
	1064  	}
	1065  
	1066  	if req.URL, err = url.ParseRequestURI(rawurl); err != nil {
	1067  		return nil, err
	1068  	}
	1069  
	1070  	if justAuthority {
	1071  		// Strip the bogus "http://" back off.
	1072  		req.URL.Scheme = ""
	1073  	}
	1074  
	1075  	// Subsequent lines: Key: value.
	1076  	mimeHeader, err := tp.ReadMIMEHeader()
	1077  	if err != nil {
	1078  		return nil, err
	1079  	}
	1080  	req.Header = Header(mimeHeader)
	1081  	if len(req.Header["Host"]) > 1 {
	1082  		return nil, fmt.Errorf("too many Host headers")
	1083  	}
	1084  
	1085  	// RFC 7230, section 5.3: Must treat
	1086  	//	GET /index.html HTTP/1.1
	1087  	//	Host: www.google.com
	1088  	// and
	1089  	//	GET http://www.google.com/index.html HTTP/1.1
	1090  	//	Host: doesntmatter
	1091  	// the same. In the second case, any Host line is ignored.
	1092  	req.Host = req.URL.Host
	1093  	if req.Host == "" {
	1094  		req.Host = req.Header.get("Host")
	1095  	}
	1096  
	1097  	fixPragmaCacheControl(req.Header)
	1098  
	1099  	req.Close = shouldClose(req.ProtoMajor, req.ProtoMinor, req.Header, false)
	1100  
	1101  	err = readTransfer(req, b)
	1102  	if err != nil {
	1103  		return nil, err
	1104  	}
	1105  
	1106  	if req.isH2Upgrade() {
	1107  		// Because it's neither chunked, nor declared:
	1108  		req.ContentLength = -1
	1109  
	1110  		// We want to give handlers a chance to hijack the
	1111  		// connection, but we need to prevent the Server from
	1112  		// dealing with the connection further if it's not
	1113  		// hijacked. Set Close to ensure that:
	1114  		req.Close = true
	1115  	}
	1116  	return req, nil
	1117  }
	1118  
	1119  // MaxBytesReader is similar to io.LimitReader but is intended for
	1120  // limiting the size of incoming request bodies. In contrast to
	1121  // io.LimitReader, MaxBytesReader's result is a ReadCloser, returns a
	1122  // non-EOF error for a Read beyond the limit, and closes the
	1123  // underlying reader when its Close method is called.
	1124  //
	1125  // MaxBytesReader prevents clients from accidentally or maliciously
	1126  // sending a large request and wasting server resources.
	1127  func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser {
	1128  	if n < 0 { // Treat negative limits as equivalent to 0.
	1129  		n = 0
	1130  	}
	1131  	return &maxBytesReader{w: w, r: r, n: n}
	1132  }
	1133  
	1134  type maxBytesReader struct {
	1135  	w	 ResponseWriter
	1136  	r	 io.ReadCloser // underlying reader
	1137  	n	 int64				 // max bytes remaining
	1138  	err error				 // sticky error
	1139  }
	1140  
	1141  func (l *maxBytesReader) Read(p []byte) (n int, err error) {
	1142  	if l.err != nil {
	1143  		return 0, l.err
	1144  	}
	1145  	if len(p) == 0 {
	1146  		return 0, nil
	1147  	}
	1148  	// If they asked for a 32KB byte read but only 5 bytes are
	1149  	// remaining, no need to read 32KB. 6 bytes will answer the
	1150  	// question of the whether we hit the limit or go past it.
	1151  	if int64(len(p)) > l.n+1 {
	1152  		p = p[:l.n+1]
	1153  	}
	1154  	n, err = l.r.Read(p)
	1155  
	1156  	if int64(n) <= l.n {
	1157  		l.n -= int64(n)
	1158  		l.err = err
	1159  		return n, err
	1160  	}
	1161  
	1162  	n = int(l.n)
	1163  	l.n = 0
	1164  
	1165  	// The server code and client code both use
	1166  	// maxBytesReader. This "requestTooLarge" check is
	1167  	// only used by the server code. To prevent binaries
	1168  	// which only using the HTTP Client code (such as
	1169  	// cmd/go) from also linking in the HTTP server, don't
	1170  	// use a static type assertion to the server
	1171  	// "*response" type. Check this interface instead:
	1172  	type requestTooLarger interface {
	1173  		requestTooLarge()
	1174  	}
	1175  	if res, ok := l.w.(requestTooLarger); ok {
	1176  		res.requestTooLarge()
	1177  	}
	1178  	l.err = errors.New("http: request body too large")
	1179  	return n, l.err
	1180  }
	1181  
	1182  func (l *maxBytesReader) Close() error {
	1183  	return l.r.Close()
	1184  }
	1185  
	1186  func copyValues(dst, src url.Values) {
	1187  	for k, vs := range src {
	1188  		dst[k] = append(dst[k], vs...)
	1189  	}
	1190  }
	1191  
	1192  func parsePostForm(r *Request) (vs url.Values, err error) {
	1193  	if r.Body == nil {
	1194  		err = errors.New("missing form body")
	1195  		return
	1196  	}
	1197  	ct := r.Header.Get("Content-Type")
	1198  	// RFC 7231, section 3.1.1.5 - empty type
	1199  	//	 MAY be treated as application/octet-stream
	1200  	if ct == "" {
	1201  		ct = "application/octet-stream"
	1202  	}
	1203  	ct, _, err = mime.ParseMediaType(ct)
	1204  	switch {
	1205  	case ct == "application/x-www-form-urlencoded":
	1206  		var reader io.Reader = r.Body
	1207  		maxFormSize := int64(1<<63 - 1)
	1208  		if _, ok := r.Body.(*maxBytesReader); !ok {
	1209  			maxFormSize = int64(10 << 20) // 10 MB is a lot of text.
	1210  			reader = io.LimitReader(r.Body, maxFormSize+1)
	1211  		}
	1212  		b, e := io.ReadAll(reader)
	1213  		if e != nil {
	1214  			if err == nil {
	1215  				err = e
	1216  			}
	1217  			break
	1218  		}
	1219  		if int64(len(b)) > maxFormSize {
	1220  			err = errors.New("http: POST too large")
	1221  			return
	1222  		}
	1223  		vs, e = url.ParseQuery(string(b))
	1224  		if err == nil {
	1225  			err = e
	1226  		}
	1227  	case ct == "multipart/form-data":
	1228  		// handled by ParseMultipartForm (which is calling us, or should be)
	1229  		// TODO(bradfitz): there are too many possible
	1230  		// orders to call too many functions here.
	1231  		// Clean this up and write more tests.
	1232  		// request_test.go contains the start of this,
	1233  		// in TestParseMultipartFormOrder and others.
	1234  	}
	1235  	return
	1236  }
	1237  
	1238  // ParseForm populates r.Form and r.PostForm.
	1239  //
	1240  // For all requests, ParseForm parses the raw query from the URL and updates
	1241  // r.Form.
	1242  //
	1243  // For POST, PUT, and PATCH requests, it also reads the request body, parses it
	1244  // as a form and puts the results into both r.PostForm and r.Form. Request body
	1245  // parameters take precedence over URL query string values in r.Form.
	1246  //
	1247  // If the request Body's size has not already been limited by MaxBytesReader,
	1248  // the size is capped at 10MB.
	1249  //
	1250  // For other HTTP methods, or when the Content-Type is not
	1251  // application/x-www-form-urlencoded, the request Body is not read, and
	1252  // r.PostForm is initialized to a non-nil, empty value.
	1253  //
	1254  // ParseMultipartForm calls ParseForm automatically.
	1255  // ParseForm is idempotent.
	1256  func (r *Request) ParseForm() error {
	1257  	var err error
	1258  	if r.PostForm == nil {
	1259  		if r.Method == "POST" || r.Method == "PUT" || r.Method == "PATCH" {
	1260  			r.PostForm, err = parsePostForm(r)
	1261  		}
	1262  		if r.PostForm == nil {
	1263  			r.PostForm = make(url.Values)
	1264  		}
	1265  	}
	1266  	if r.Form == nil {
	1267  		if len(r.PostForm) > 0 {
	1268  			r.Form = make(url.Values)
	1269  			copyValues(r.Form, r.PostForm)
	1270  		}
	1271  		var newValues url.Values
	1272  		if r.URL != nil {
	1273  			var e error
	1274  			newValues, e = url.ParseQuery(r.URL.RawQuery)
	1275  			if err == nil {
	1276  				err = e
	1277  			}
	1278  		}
	1279  		if newValues == nil {
	1280  			newValues = make(url.Values)
	1281  		}
	1282  		if r.Form == nil {
	1283  			r.Form = newValues
	1284  		} else {
	1285  			copyValues(r.Form, newValues)
	1286  		}
	1287  	}
	1288  	return err
	1289  }
	1290  
	1291  // ParseMultipartForm parses a request body as multipart/form-data.
	1292  // The whole request body is parsed and up to a total of maxMemory bytes of
	1293  // its file parts are stored in memory, with the remainder stored on
	1294  // disk in temporary files.
	1295  // ParseMultipartForm calls ParseForm if necessary.
	1296  // If ParseForm returns an error, ParseMultipartForm returns it but also
	1297  // continues parsing the request body.
	1298  // After one call to ParseMultipartForm, subsequent calls have no effect.
	1299  func (r *Request) ParseMultipartForm(maxMemory int64) error {
	1300  	if r.MultipartForm == multipartByReader {
	1301  		return errors.New("http: multipart handled by MultipartReader")
	1302  	}
	1303  	var parseFormErr error
	1304  	if r.Form == nil {
	1305  		// Let errors in ParseForm fall through, and just
	1306  		// return it at the end.
	1307  		parseFormErr = r.ParseForm()
	1308  	}
	1309  	if r.MultipartForm != nil {
	1310  		return nil
	1311  	}
	1312  
	1313  	mr, err := r.multipartReader(false)
	1314  	if err != nil {
	1315  		return err
	1316  	}
	1317  
	1318  	f, err := mr.ReadForm(maxMemory)
	1319  	if err != nil {
	1320  		return err
	1321  	}
	1322  
	1323  	if r.PostForm == nil {
	1324  		r.PostForm = make(url.Values)
	1325  	}
	1326  	for k, v := range f.Value {
	1327  		r.Form[k] = append(r.Form[k], v...)
	1328  		// r.PostForm should also be populated. See Issue 9305.
	1329  		r.PostForm[k] = append(r.PostForm[k], v...)
	1330  	}
	1331  
	1332  	r.MultipartForm = f
	1333  
	1334  	return parseFormErr
	1335  }
	1336  
	1337  // FormValue returns the first value for the named component of the query.
	1338  // POST and PUT body parameters take precedence over URL query string values.
	1339  // FormValue calls ParseMultipartForm and ParseForm if necessary and ignores
	1340  // any errors returned by these functions.
	1341  // If key is not present, FormValue returns the empty string.
	1342  // To access multiple values of the same key, call ParseForm and
	1343  // then inspect Request.Form directly.
	1344  func (r *Request) FormValue(key string) string {
	1345  	if r.Form == nil {
	1346  		r.ParseMultipartForm(defaultMaxMemory)
	1347  	}
	1348  	if vs := r.Form[key]; len(vs) > 0 {
	1349  		return vs[0]
	1350  	}
	1351  	return ""
	1352  }
	1353  
	1354  // PostFormValue returns the first value for the named component of the POST,
	1355  // PATCH, or PUT request body. URL query parameters are ignored.
	1356  // PostFormValue calls ParseMultipartForm and ParseForm if necessary and ignores
	1357  // any errors returned by these functions.
	1358  // If key is not present, PostFormValue returns the empty string.
	1359  func (r *Request) PostFormValue(key string) string {
	1360  	if r.PostForm == nil {
	1361  		r.ParseMultipartForm(defaultMaxMemory)
	1362  	}
	1363  	if vs := r.PostForm[key]; len(vs) > 0 {
	1364  		return vs[0]
	1365  	}
	1366  	return ""
	1367  }
	1368  
	1369  // FormFile returns the first file for the provided form key.
	1370  // FormFile calls ParseMultipartForm and ParseForm if necessary.
	1371  func (r *Request) FormFile(key string) (multipart.File, *multipart.FileHeader, error) {
	1372  	if r.MultipartForm == multipartByReader {
	1373  		return nil, nil, errors.New("http: multipart handled by MultipartReader")
	1374  	}
	1375  	if r.MultipartForm == nil {
	1376  		err := r.ParseMultipartForm(defaultMaxMemory)
	1377  		if err != nil {
	1378  			return nil, nil, err
	1379  		}
	1380  	}
	1381  	if r.MultipartForm != nil && r.MultipartForm.File != nil {
	1382  		if fhs := r.MultipartForm.File[key]; len(fhs) > 0 {
	1383  			f, err := fhs[0].Open()
	1384  			return f, fhs[0], err
	1385  		}
	1386  	}
	1387  	return nil, nil, ErrMissingFile
	1388  }
	1389  
	1390  func (r *Request) expectsContinue() bool {
	1391  	return hasToken(r.Header.get("Expect"), "100-continue")
	1392  }
	1393  
	1394  func (r *Request) wantsHttp10KeepAlive() bool {
	1395  	if r.ProtoMajor != 1 || r.ProtoMinor != 0 {
	1396  		return false
	1397  	}
	1398  	return hasToken(r.Header.get("Connection"), "keep-alive")
	1399  }
	1400  
	1401  func (r *Request) wantsClose() bool {
	1402  	if r.Close {
	1403  		return true
	1404  	}
	1405  	return hasToken(r.Header.get("Connection"), "close")
	1406  }
	1407  
	1408  func (r *Request) closeBody() error {
	1409  	if r.Body == nil {
	1410  		return nil
	1411  	}
	1412  	return r.Body.Close()
	1413  }
	1414  
	1415  func (r *Request) isReplayable() bool {
	1416  	if r.Body == nil || r.Body == NoBody || r.GetBody != nil {
	1417  		switch valueOrDefault(r.Method, "GET") {
	1418  		case "GET", "HEAD", "OPTIONS", "TRACE":
	1419  			return true
	1420  		}
	1421  		// The Idempotency-Key, while non-standard, is widely used to
	1422  		// mean a POST or other request is idempotent. See
	1423  		// https://golang.org/issue/19943#issuecomment-421092421
	1424  		if r.Header.has("Idempotency-Key") || r.Header.has("X-Idempotency-Key") {
	1425  			return true
	1426  		}
	1427  	}
	1428  	return false
	1429  }
	1430  
	1431  // outgoingLength reports the Content-Length of this outgoing (Client) request.
	1432  // It maps 0 into -1 (unknown) when the Body is non-nil.
	1433  func (r *Request) outgoingLength() int64 {
	1434  	if r.Body == nil || r.Body == NoBody {
	1435  		return 0
	1436  	}
	1437  	if r.ContentLength != 0 {
	1438  		return r.ContentLength
	1439  	}
	1440  	return -1
	1441  }
	1442  
	1443  // requestMethodUsuallyLacksBody reports whether the given request
	1444  // method is one that typically does not involve a request body.
	1445  // This is used by the Transport (via
	1446  // transferWriter.shouldSendChunkedRequestBody) to determine whether
	1447  // we try to test-read a byte from a non-nil Request.Body when
	1448  // Request.outgoingLength() returns -1. See the comments in
	1449  // shouldSendChunkedRequestBody.
	1450  func requestMethodUsuallyLacksBody(method string) bool {
	1451  	switch method {
	1452  	case "GET", "HEAD", "DELETE", "OPTIONS", "PROPFIND", "SEARCH":
	1453  		return true
	1454  	}
	1455  	return false
	1456  }
	1457  
	1458  // requiresHTTP1 reports whether this request requires being sent on
	1459  // an HTTP/1 connection.
	1460  func (r *Request) requiresHTTP1() bool {
	1461  	return hasToken(r.Header.Get("Connection"), "upgrade") &&
	1462  		ascii.EqualFold(r.Header.Get("Upgrade"), "websocket")
	1463  }
	1464  

View as plain text