https://chengl.com/tags/go/Recent content in Go on Random MusingsHugoen-usCheng LongSun, 30 Jul 2017 09:32:10 +0000https://chengl.com/post/be-wary-of-go-http-client/Sat, 25 Mar 2017 09:30:00 +0000https://chengl.com/post/be-wary-of-go-http-client/<p>Recently, I found out an interesting problem in Go. The problem can be reduced to a simple client request to a HTTP server.</p> <p>Suppose we have a HTTP server, which serves only one rooted path <code>/foo/</code>.</p> <pre><code>package main import ( &quot;io&quot; &quot;log&quot; &quot;net/http&quot; &quot;net/http/httputil&quot; ) func handleFoo(w http.ResponseWriter, req *http.Request) { // request details dump, _ := httputil.DumpRequest(req, true) log.Println(string(dump)) if auth := req.Header.Get(&quot;Authorization&quot;); auth != &quot;Bearer GoodToken&quot; { http.Error(w, &quot;401 Unauthorized&quot;, http.StatusUnauthorized) return } io.WriteString(w, &quot;Hello World!&quot;) } func main() { http.HandleFunc(&quot;/foo/&quot;, handleFoo) log.Fatal(http.ListenAndServe(&quot;:12345&quot;, nil)) } </code></pre> <p><code>handleFoo</code> simplily verifies that correct token is sent in the <code>Authorization</code> header. Otherwise, it returns <code>401 Unauthorized</code>.</p>