* Prevent request smuggling
Prevent request smuggling when fasthttp is behind a reverse proxy that
might interprets headers differently by being stricter. Should also
prevent request smuggling when fasthttp is used as the reverse proxy.
* Make header value comparison case-insensitive
* Auto add 'Vary' header after compression
Add config `SetAddVaryHeaderForCompression` to enable
'Vary: Accept-Encoding' header when compression is used.
* feat: always set the Vary header
* create and use `ResponseHeader.AddVaryBytes`
* not export 'AddVaryBytes'
* Update Go Version to Go1.19.x And add cache
* Fix CI Line endings
* Update test CI Go Version to Go1.19.x And add cache
* Update Gosec Security Scanner CI to securego/gosec@v2.12.0
* Format comment
Go 1.19 adds support for links, lists, and clearer headings in doc comments. As part of this change, gofmt now reformats doc comments to make their rendered meaning clearer. See “Go Doc Comments” for syntax details and descriptions of common mistakes now highlighted by gofmt. As another part of this change, the new package go/doc/comment provides parsing and reformatting of doc comments as well as support for rendering them to HTML, Markdown, and text.
ref: https://tip.golang.org/doc/go1.19
ref: https://tip.golang.org/doc/comment
* Fix doc structure
* header.go ContentEncoding() getter and setters
For Response the CE header is stored into a separate field because compressed responses are often used.
But for the Request let's just peek and store it from headers map
* http.go: New BodyUncompressed() method for request and responses
The new method returns a body and uncompress if it's gzipped
* args.go GetBool(): use switch with string casting
This should be optimized by Go compiler itself so the b2s() call is not needed.
It was previously done by this but changed in
1e7885eb56
* header.go Referer() optimize
Use direct peekArgBytes() instead of PeekBytes() that will check for special headers
* header_timing_test.go BenchmarkRequestHeaderPeekBytesSpecialHeader
The old BenchmarkRequestHeaderPeekBytesCanonical and BenchmarkRequestHeaderPeekBytesNonCanonical are in fact just measured the header normalization.
But it's anyway is benchmarked separately.
Results was almost the same: 1.5 ns/op.
Instead, let's reuse the benches to find a difference between peeking of special (Host, CT) and custom headers.
* Response.ContentEncoding(): store as field
The CE is not so often used for plain APIs responses and even not so often used for static files and on the fly compression.
But still it should be checked each time.
Also having a dedicated field getter and setter simplifies code
* header.go Use shorter Response.setNonSpecial() and Request.setNonSpecial() methods instead of SetCanonical()
The change should improve performance because the setSpecialHeader() call is omitted.
As a downside on adding a new basic header field all putHeader() must be replaced with a direct getter and setter.
* Adding zero-allocation uint64 to byte slice conversion and fixing the ResponseHeader.SetStatusLine function call signature
* Removing unnecessary i2b function
* Fixing various bugs
* Adding test cases
* Commenting AppendStatusLine
* Update status.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Cleaning up references to strHTTP11, using formatStatusLine for invalidStatusLine, and making `appendStatusLine` an unexported function
Issue: https://github.com/valyala/fasthttp/issues/1132
* Fixing merge conflicts
Issue: https://github.com/valyala/fasthttp/issues/1132
* Replacing []byte{} with nil in some test cases
Issue: https://github.com/valyala/fasthttp/issues/1132
* Cleaning up parsing first line, and improving StatusMessage function
Issue: https://github.com/valyala/fasthttp/issues/1132
* Fixing as per PR
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Fixing as per requested changes
* Update header_test.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Flush buffered responses if we have to wait for the next request
Don't wait for the next request as this can take some time, instead
flush the outstanding responses already.
Fixes#1043
* Only peek 1 byte
Make sure old clients that send bogus \r\n still work.
See: https://github.com/golang/go/commit/bf5e19fbaf02b1b25fbe50c27ec301fe830a28d0
Oleksandr Redko
Erik Dubbelboer
nickajacks1
Oleksandr Redko
xiluoxi
AutumnSun
Anthony Ter-Saakov
kinggo
cui fliter
byene0923
Aoang
Sergey Ponomarev
Jack.Ju
ichx
Shivansh Vij
tyltr
Valentin Paz Marcolla
Kyle Unverferth
MoreFreeze
Daniel Firsht
Darío