qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-09-24 07:20:14 -06:00
Code Releases Activity
The Go programming language
42,380 Commits 58 Branches 402 Tags 522 MiB
Go 89.6%
Assembly 5.2%
HTML 4.8%
C 0.2%
Shell 0.1%
88ed322afc
Go to file
Kévin Dunglas 88ed322afc net/http/httputil: add docs about X-Forwarded-For in ReverseProxy 
ReverseProxy automatically sets the X-Forwarded-For header, if the request
already contains a X-Forwarded-For header, the value of the client IP is
appended to the existing header value.
This behavior isn't documented anywhere, and can lead to IP spoofing
security issues is the client is untrusted (the most common situation).
This PR documents this behavior.

For future versions, I proposed #36678 that implements a more secure
default behavior and adds support for other forwarded headers.

Change-Id: Ief14f5063caebfccb87714f54cffa927c714e5fd
GitHub-Last-Rev: fd0bd29a18
GitHub-Pull-Request: golang/go#36672
Reviewed-on: https://go-review.googlesource.com/c/go/+/215617
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2020-01-21 21:51:46 +00:00
.github .github: add link to questions in ISSUE_TEMPLATE 2020-01-06 17:05:31 +00:00
api go/build: rename WorkingDir to Dir 2019-12-17 14:59:30 +00:00
doc spec: add missing space in EBNF 2020-01-15 05:32:51 +00:00
lib/time lib/time: update tz data to 2019c 2019-11-26 12:03:08 +00:00
misc misc/cgo/test: re-enable darwin cgo tests in race mode 2020-01-10 10:04:49 +00:00
src net/http/httputil: add docs about X-Forwarded-For in ReverseProxy 2020-01-21 21:51:46 +00:00
test test: disable test for #36516 when cgo is not enabled 2020-01-19 20:36:10 +00:00
.gitattributes
.gitignore .gitignore: ignore src/cmd/dist/dist 2017-10-28 21:55:49 +00:00
AUTHORS A+C: change email address for Akhil Indurti 2019-09-09 15:30:38 +00:00
CONTRIBUTING.md all: restore changes from faulty merge/revert 2018-02-12 20:13:59 +00:00
CONTRIBUTORS C: add missing name 2020-01-14 15:51:35 +00:00
favicon.ico website: recreate 16px and 32px favicon 2016-08-25 15:43:32 +00:00
LICENSE doc: revert copyright date to 2009 2016-06-01 22:40:04 +00:00
PATENTS
README.md README: linkify some paths 2018-06-06 18:07:01 +00:00
robots.txt
SECURITY.md SECURITY.md: update go versions 2019-09-26 15:34:57 +00:00

README.md

The Go Programming Language

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.

Gopher image Gopher image by Renee French, licensed under Creative Commons 3.0 Attributions license.

Our canonical Git repository is located at https://go.googlesource.com/go. There is a mirror of the repository at https://github.com/golang/go.

Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file.

Download and Install

Binary Distributions

Official binary distributions are available at https://golang.org/dl/.

After downloading a binary release, visit https://golang.org/doc/install or load doc/install.html in your web browser for installation instructions.

Install From Source

If a binary distribution is not available for your combination of operating system and architecture, visit https://golang.org/doc/install/source or load doc/install-source.html in your web browser for source installation instructions.

Contributing

Go is the work of thousands of contributors. We appreciate your help!

To contribute, please read the contribution guidelines: https://golang.org/doc/contribute.html

Note that the Go project uses the issue tracker for bug reports and proposals only. See https://golang.org/wiki/Questions for a list of places to ask questions about the Go language.