// Copyright 2018 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package httpguts provides functions implementing various details
// of the HTTP specification.
//
// This package is shared by the standard library (which vendors it)
// and x/net/http2. It comes with no API stability promise.
package httpguts
import (
"net/textproto"
"strings"
)
// SniffedContentType reports whether ct is a Content-Type value that is
// known to trigger content sniffing on the client side.
//
// Only the media type is examined: everything from the first ';' onward
// (the parameters) is discarded, surrounding whitespace is trimmed and the
// comparison is case-insensitive. A value without a '/' — including the
// empty string — is reported as sniffed.
//
// This is a deliberately partial stand-in for mime.ParseMediaType and
// assumes that ct is not attacker controlled. It performs no syntax
// validation, so it should not be the sole check applied to a Content-Type
// received from an untrusted peer.
func SniffedContentType(ct string) bool {
	// Strip media type parameters such as "; charset=utf-8".
	if semi := strings.IndexByte(ct, ';'); semi >= 0 {
		ct = ct[:semi]
	}

	switch mediaType := strings.ToLower(strings.TrimSpace(ct)); mediaType {
	case "text/plain",
		"application/octet-stream",
		"application/unknown",
		"unknown/unknown",
		"*/*":
		return true
	default:
		// Anything that is not of the form type/subtype counts as sniffed.
		return !strings.Contains(mediaType, "/")
	}
}
// ValidTrailerHeader reports whether name is a valid header field name to
// appear in trailers.
// See RFC 7230, Section 4.1.2
//
// The name is canonicalized with textproto.CanonicalMIMEHeaderKey and then
// rejected if it starts with "If-" or is listed in badTrailer. The check is
// a denylist: any other name is accepted. It does not itself verify that
// name is a syntactically valid field name.
// NOTE(review): callers presumably validate the field-name syntax
// separately — confirm at the call sites.
func ValidTrailerHeader(name string) bool {
	canonical := textproto.CanonicalMIMEHeaderKey(name)

	// Every "If-" field is refused in a trailer, whatever follows the prefix.
	isConditional := strings.HasPrefix(canonical, "If-")

	return !isConditional && !badTrailer[canonical]
}
// badTrailer is the set of header field names that ValidTrailerHeader
// refuses in a trailer section.
//
// Keys must be spelled in textproto canonical form ("Te", not "TE";
// "Www-Authenticate", not "WWW-Authenticate"), because ValidTrailerHeader
// canonicalizes the name before the lookup.
//
// The grouping below is a reading aid only; it loosely follows the
// categories of RFC 7230, Section 4.1.2 and has no effect on behavior.
var badTrailer = map[string]bool{
	// Message framing and payload processing.
	"Content-Encoding":  true,
	"Content-Length":    true,
	"Content-Range":     true,
	"Content-Type":      true,
	"Trailer":           true,
	"Transfer-Encoding": true,

	// Routing and connection handling.
	"Connection":       true,
	"Host":             true,
	"Keep-Alive":       true,
	"Proxy-Connection": true,

	// Request modifiers and response control data.
	"Cache-Control": true,
	"Expect":        true,
	"Max-Forwards":  true,
	"Pragma":        true,
	"Range":         true,
	"Te":            true,

	// Authentication.
	"Authorization":       true,
	"Proxy-Authenticate":  true,
	"Proxy-Authorization": true,
	"Realm":               true,
	"Www-Authenticate":    true,
}