diff --git a/src/net/http/transport.go b/src/net/http/transport.go index f2d538b04a8..e470a6c0807 100644 --- a/src/net/http/transport.go +++ b/src/net/http/transport.go @@ -525,7 +525,8 @@ func (t *Transport) roundTrip(req *Request) (*Response, error) { for _, v := range vv { if !httpguts.ValidHeaderFieldValue(v) { req.closeBody() - return nil, fmt.Errorf("net/http: invalid header field value %q for key %v", v, k) + // Don't include the value in the error, because it may be sensitive. + return nil, fmt.Errorf("net/http: invalid header field value for %q", k) } } } diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go index 84868e2c5e1..cba35db2576 100644 --- a/src/net/http/transport_test.go +++ b/src/net/http/transport_test.go @@ -6085,14 +6085,14 @@ func TestTransportClosesBodyOnInvalidRequests(t *testing.T) { Method: " ", URL: u, }, - wantErr: "invalid method", + wantErr: `invalid method " "`, }, { name: "nil URL", req: &Request{ Method: "GET", }, - wantErr: "nil Request.URL", + wantErr: `nil Request.URL`, }, { name: "invalid header key", @@ -6101,7 +6101,7 @@ func TestTransportClosesBodyOnInvalidRequests(t *testing.T) { Header: Header{"💡": {"emoji"}}, URL: u, }, - wantErr: "invalid header field name", + wantErr: `invalid header field name "💡"`, }, { name: "invalid header value", @@ -6110,7 +6110,7 @@ func TestTransportClosesBodyOnInvalidRequests(t *testing.T) { Header: Header{"key": {"\x19"}}, URL: u, }, - wantErr: "invalid header field value", + wantErr: `invalid header field value for "key"`, }, { name: "non HTTP(s) scheme", @@ -6118,7 +6118,7 @@ func TestTransportClosesBodyOnInvalidRequests(t *testing.T) { Method: "POST", URL: &url.URL{Scheme: "faux"}, }, - wantErr: "unsupported protocol scheme", + wantErr: `unsupported protocol scheme "faux"`, }, { name: "no Host in URL", @@ -6126,7 +6126,7 @@ func TestTransportClosesBodyOnInvalidRequests(t *testing.T) { Method: "POST", URL: &url.URL{Scheme: "http"}, }, - wantErr: "no Host", + wantErr: `no Host in request URL`, }, } @@ -6142,8 +6142,8 @@ func TestTransportClosesBodyOnInvalidRequests(t *testing.T) { if !bc { t.Fatal("Expected body to have been closed") } - if g, w := err.Error(), tt.wantErr; !strings.Contains(g, w) { - t.Fatalf("Error mismatch\n\t%q\ndoes not contain\n\t%q", g, w) + if g, w := err.Error(), tt.wantErr; !strings.HasSuffix(g, w) { + t.Fatalf("Error mismatch: %q does not end with %q", g, w) } }) }