1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // HTTP Request reading and parsing.
7 // Package http implements parsing of HTTP requests, replies, and URLs and
8 // provides an extensible HTTP server and a basic HTTP client.
29 maxLineLength = 4096 // assumed <= bufio.defaultBufSize
32 chunkSize = 4 << 10 // 4 KB chunks
33 defaultMaxMemory = 32 << 20 // 32 MB
36 // ErrMissingFile is returned by FormFile when the provided file field name
37 // is either not present in the request or not a file field.
38 var ErrMissingFile = os.NewError("http: no such file")
40 // HTTP request parsing errors.
41 type ProtocolError struct {
45 func (err *ProtocolError) String() string { return err.ErrorString }
48 ErrLineTooLong = &ProtocolError{"header line too long"}
49 ErrHeaderTooLong = &ProtocolError{"header too long"}
50 ErrShortBody = &ProtocolError{"entity body too short"}
51 ErrNotSupported = &ProtocolError{"feature not supported"}
52 ErrUnexpectedTrailer = &ProtocolError{"trailer header without chunked transfer encoding"}
53 ErrMissingContentLength = &ProtocolError{"missing ContentLength in HEAD response"}
54 ErrNotMultipart = &ProtocolError{"request Content-Type isn't multipart/form-data"}
55 ErrMissingBoundary = &ProtocolError{"no multipart boundary param Content-Type"}
58 type badStringError struct {
63 func (e *badStringError) String() string { return fmt.Sprintf("%s %q", e.what, e.str) }
65 // Headers that Request.Write handles itself and should be skipped.
66 var reqWriteExcludeHeader = map[string]bool{
67 "Host": true, // not in Header map anyway
69 "Content-Length": true,
70 "Transfer-Encoding": true,
74 var reqWriteExcludeHeaderDump = map[string]bool{
75 "Host": true, // not in Header map anyway
76 "Content-Length": true,
77 "Transfer-Encoding": true,
81 // A Request represents a parsed HTTP request header.
83 Method string // GET, POST, PUT, etc.
86 // The protocol version for incoming requests.
87 // Outgoing requests always use HTTP/1.1.
88 Proto string // "HTTP/1.0"
92 // A header maps request lines to their values.
95 // accept-encoding: gzip, deflate
96 // Accept-Language: en-us
97 // Connection: keep-alive
101 // Header = map[string][]string{
102 // "Accept-Encoding": {"gzip, deflate"},
103 // "Accept-Language": {"en-us"},
104 // "Connection": {"keep-alive"},
107 // HTTP defines that header names are case-insensitive.
108 // The request parser implements this by canonicalizing the
109 // name, making the first character and any characters
110 // following a hyphen uppercase and the rest lowercase.
116 // ContentLength records the length of the associated content.
117 // The value -1 indicates that the length is unknown.
118 // Values >= 0 indicate that the given number of bytes may be read from Body.
121 // TransferEncoding lists the transfer encodings from outermost to innermost.
122 // An empty list denotes the "identity" encoding.
123 TransferEncoding []string
125 // Whether to close the connection after replying to this request.
128 // The host on which the URL is sought.
129 // Per RFC 2616, this is either the value of the Host: header
130 // or the host name given in the URL itself.
133 // The parsed form. Only available after ParseForm is called.
136 // The parsed multipart form, including file uploads.
137 // Only available after ParseMultipartForm is called.
138 MultipartForm *multipart.Form
140 // Trailer maps trailer keys to values. Like for Header, if the
141 // response has multiple trailer lines with the same key, they will be
142 // concatenated, delimited by commas.
145 // RemoteAddr allows HTTP servers and other software to record
146 // the network address that sent the request, usually for
147 // logging. This field is not filled in by ReadRequest and
148 // has no defined format. The HTTP server in this package
149 // sets RemoteAddr to an "IP:port" address before invoking a
153 // TLS allows HTTP servers and other software to record
154 // information about the TLS connection on which the request
155 // was received. This field is not filled in by ReadRequest.
156 // The HTTP server in this package sets the field for
157 // TLS-enabled connections before invoking a handler;
158 // otherwise it leaves the field nil.
159 TLS *tls.ConnectionState
162 // ProtoAtLeast returns whether the HTTP protocol used
163 // in the request is at least major.minor.
164 func (r *Request) ProtoAtLeast(major, minor int) bool {
165 return r.ProtoMajor > major ||
166 r.ProtoMajor == major && r.ProtoMinor >= minor
169 // UserAgent returns the client's User-Agent, if sent in the request.
170 func (r *Request) UserAgent() string {
171 return r.Header.Get("User-Agent")
174 // Cookies parses and returns the HTTP cookies sent with the request.
175 func (r *Request) Cookies() []*Cookie {
176 return readCookies(r.Header, "")
179 var ErrNoCookie = os.NewError("http: named cookied not present")
181 // Cookie returns the named cookie provided in the request or
182 // ErrNoCookie if not found.
183 func (r *Request) Cookie(name string) (*Cookie, os.Error) {
184 for _, c := range readCookies(r.Header, name) {
187 return nil, ErrNoCookie
190 // AddCookie adds a cookie to the request. Per RFC 6265 section 5.4,
191 // AddCookie does not attach more than one Cookie header field. That
192 // means all cookies, if any, are written into the same line,
193 // separated by semicolon.
194 func (r *Request) AddCookie(c *Cookie) {
195 s := fmt.Sprintf("%s=%s", sanitizeName(c.Name), sanitizeValue(c.Value))
196 if c := r.Header.Get("Cookie"); c != "" {
197 r.Header.Set("Cookie", c+"; "+s)
199 r.Header.Set("Cookie", s)
203 // Referer returns the referring URL, if sent in the request.
205 // Referer is misspelled as in the request itself, a mistake from the
206 // earliest days of HTTP. This value can also be fetched from the
207 // Header map as Header["Referer"]; the benefit of making it available
208 // as a method is that the compiler can diagnose programs that use the
209 // alternate (correct English) spelling req.Referrer() but cannot
210 // diagnose programs that use Header["Referrer"].
211 func (r *Request) Referer() string {
212 return r.Header.Get("Referer")
215 // multipartByReader is a sentinel value.
216 // Its presence in Request.MultipartForm indicates that parsing of the request
217 // body has been handed off to a MultipartReader instead of ParseMultipartFrom.
218 var multipartByReader = &multipart.Form{
219 Value: make(map[string][]string),
220 File: make(map[string][]*multipart.FileHeader),
223 // MultipartReader returns a MIME multipart reader if this is a
224 // multipart/form-data POST request, else returns nil and an error.
225 // Use this function instead of ParseMultipartForm to
226 // process the request body as a stream.
227 func (r *Request) MultipartReader() (*multipart.Reader, os.Error) {
228 if r.MultipartForm == multipartByReader {
229 return nil, os.NewError("http: MultipartReader called twice")
231 if r.MultipartForm != nil {
232 return nil, os.NewError("http: multipart handled by ParseMultipartForm")
234 r.MultipartForm = multipartByReader
235 return r.multipartReader()
238 func (r *Request) multipartReader() (*multipart.Reader, os.Error) {
239 v := r.Header.Get("Content-Type")
241 return nil, ErrNotMultipart
243 d, params, err := mime.ParseMediaType(v)
244 if err != nil || d != "multipart/form-data" {
245 return nil, ErrNotMultipart
247 boundary, ok := params["boundary"]
249 return nil, ErrMissingBoundary
251 return multipart.NewReader(r.Body, boundary), nil
254 // Return value if nonempty, def otherwise.
255 func valueOrDefault(value, def string) string {
262 const defaultUserAgent = "Go http package"
264 // Write writes an HTTP/1.1 request -- header and body -- in wire format.
265 // This method consults the following fields of req:
268 // Method (defaults to "GET")
274 // If Body is present, Content-Length is <= 0 and TransferEncoding
275 // hasn't been set to "identity", Write adds "Transfer-Encoding:
276 // chunked" to the header. Body is closed after it is sent.
277 func (req *Request) Write(w io.Writer) os.Error {
278 return req.write(w, false, nil)
281 // WriteProxy is like Write but writes the request in the form
282 // expected by an HTTP proxy. In particular, WriteProxy writes the
283 // initial Request-URI line of the request with an absolute URI, per
284 // section 5.1.2 of RFC 2616, including the scheme and host. In
285 // either case, WriteProxy also writes a Host header, using either
286 // req.Host or req.URL.Host.
287 func (req *Request) WriteProxy(w io.Writer) os.Error {
288 return req.write(w, true, nil)
291 func (req *Request) dumpWrite(w io.Writer) os.Error {
292 // TODO(bradfitz): RawPath here?
293 urlStr := valueOrDefault(req.URL.EncodedPath(), "/")
294 if req.URL.RawQuery != "" {
295 urlStr += "?" + req.URL.RawQuery
298 bw := bufio.NewWriter(w)
299 fmt.Fprintf(bw, "%s %s HTTP/%d.%d\r\n", valueOrDefault(req.Method, "GET"), urlStr,
300 req.ProtoMajor, req.ProtoMinor)
303 if host == "" && req.URL != nil {
307 fmt.Fprintf(bw, "Host: %s\r\n", host)
310 // Process Body,ContentLength,Close,Trailer
311 tw, err := newTransferWriter(req)
315 err = tw.WriteHeader(bw)
320 err = req.Header.WriteSubset(bw, reqWriteExcludeHeaderDump)
325 io.WriteString(bw, "\r\n")
327 // Write body and trailer
328 err = tw.WriteBody(bw)
336 // extraHeaders may be nil
337 func (req *Request) write(w io.Writer, usingProxy bool, extraHeaders Header) os.Error {
341 return os.NewError("http: Request.Write on Request with no Host or URL set")
346 urlStr := req.URL.RawPath
347 if strings.HasPrefix(urlStr, "?") {
348 urlStr = "/" + urlStr // Issue 2344
351 urlStr = valueOrDefault(req.URL.RawPath, valueOrDefault(req.URL.EncodedPath(), "/"))
352 if req.URL.RawQuery != "" {
353 urlStr += "?" + req.URL.RawQuery
356 if urlStr == "" || urlStr[0] != '/' {
357 urlStr = "/" + urlStr
359 urlStr = req.URL.Scheme + "://" + host + urlStr
362 // TODO(bradfitz): escape at least newlines in urlStr?
364 bw := bufio.NewWriter(w)
365 fmt.Fprintf(bw, "%s %s HTTP/1.1\r\n", valueOrDefault(req.Method, "GET"), urlStr)
368 fmt.Fprintf(bw, "Host: %s\r\n", host)
370 // Use the defaultUserAgent unless the Header contains one, which
371 // may be blank to not send the header.
372 userAgent := defaultUserAgent
373 if req.Header != nil {
374 if ua := req.Header["User-Agent"]; len(ua) > 0 {
379 fmt.Fprintf(bw, "User-Agent: %s\r\n", userAgent)
382 // Process Body,ContentLength,Close,Trailer
383 tw, err := newTransferWriter(req)
387 err = tw.WriteHeader(bw)
392 // TODO: split long values? (If so, should share code with Conn.Write)
393 err = req.Header.WriteSubset(bw, reqWriteExcludeHeader)
398 if extraHeaders != nil {
399 err = extraHeaders.Write(bw)
405 io.WriteString(bw, "\r\n")
407 // Write body and trailer
408 err = tw.WriteBody(bw)
416 // Read a line of bytes (up to \n) from b.
417 // Give up if the line exceeds maxLineLength.
418 // The returned bytes are a pointer into storage in
419 // the bufio, so they are only valid until the next bufio read.
420 func readLineBytes(b *bufio.Reader) (p []byte, err os.Error) {
421 if p, err = b.ReadSlice('\n'); err != nil {
422 // We always know when EOF is coming.
423 // If the caller asked for a line, there should be a line.
425 err = io.ErrUnexpectedEOF
426 } else if err == bufio.ErrBufferFull {
431 if len(p) >= maxLineLength {
432 return nil, ErrLineTooLong
435 // Chop off trailing white space.
437 for i = len(p); i > 0; i-- {
438 if c := p[i-1]; c != ' ' && c != '\r' && c != '\t' && c != '\n' {
445 // readLineBytes, but convert the bytes into a string.
446 func readLine(b *bufio.Reader) (s string, err os.Error) {
447 p, e := readLineBytes(b)
451 return string(p), nil
454 // Convert decimal at s[i:len(s)] to integer,
455 // returning value, string position where the digits stopped,
456 // and whether there was a valid number (digits, not too big).
457 func atoi(s string, i int) (n, i1 int, ok bool) {
459 if i >= len(s) || s[i] < '0' || s[i] > '9' {
463 for ; i < len(s) && '0' <= s[i] && s[i] <= '9'; i++ {
464 n = n*10 + int(s[i]-'0')
472 // ParseHTTPVersion parses a HTTP version string.
473 // "HTTP/1.0" returns (1, 0, true).
474 func ParseHTTPVersion(vers string) (major, minor int, ok bool) {
475 if len(vers) < 5 || vers[0:5] != "HTTP/" {
478 major, i, ok := atoi(vers, 5)
479 if !ok || i >= len(vers) || vers[i] != '.' {
482 minor, i, ok = atoi(vers, i+1)
483 if !ok || i != len(vers) {
486 return major, minor, true
489 type chunkedReader struct {
491 n uint64 // unread bytes in chunk
495 func (cr *chunkedReader) beginChunk() {
498 line, cr.err = readLine(cr.r)
502 cr.n, cr.err = strconv.Btoui64(line, 16)
509 line, cr.err = readLine(cr.r)
521 func (cr *chunkedReader) Read(b []uint8) (n int, err os.Error) {
531 if uint64(len(b)) > cr.n {
534 n, cr.err = cr.r.Read(b)
536 if cr.n == 0 && cr.err == nil {
537 // end of chunk (CRLF)
539 if _, cr.err = io.ReadFull(cr.r, b); cr.err == nil {
540 if b[0] != '\r' || b[1] != '\n' {
541 cr.err = os.NewError("malformed chunked encoding")
548 // NewRequest returns a new Request given a method, URL, and optional body.
549 func NewRequest(method, urlStr string, body io.Reader) (*Request, os.Error) {
550 u, err := url.Parse(urlStr)
554 rc, ok := body.(io.ReadCloser)
555 if !ok && body != nil {
556 rc = ioutil.NopCloser(body)
564 Header: make(Header),
569 switch v := body.(type) {
570 case *strings.Reader:
571 req.ContentLength = int64(v.Len())
573 req.ContentLength = int64(v.Len())
580 // SetBasicAuth sets the request's Authorization header to use HTTP
581 // Basic Authentication with the provided username and password.
583 // With HTTP Basic Authentication the provided username and password
584 // are not encrypted.
585 func (r *Request) SetBasicAuth(username, password string) {
586 s := username + ":" + password
587 r.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte(s)))
590 // ReadRequest reads and parses a request from b.
591 func ReadRequest(b *bufio.Reader) (req *Request, err os.Error) {
593 tp := textproto.NewReader(b)
596 // First line: GET /index.html HTTP/1.0
598 if s, err = tp.ReadLine(); err != nil {
600 err = io.ErrUnexpectedEOF
606 if f = strings.SplitN(s, " ", 3); len(f) < 3 {
607 return nil, &badStringError{"malformed HTTP request", s}
610 req.Method, rawurl, req.Proto = f[0], f[1], f[2]
612 if req.ProtoMajor, req.ProtoMinor, ok = ParseHTTPVersion(req.Proto); !ok {
613 return nil, &badStringError{"malformed HTTP version", req.Proto}
616 if req.URL, err = url.ParseRequest(rawurl); err != nil {
620 // Subsequent lines: Key: value.
621 mimeHeader, err := tp.ReadMIMEHeader()
625 req.Header = Header(mimeHeader)
627 // RFC2616: Must treat
628 // GET /index.html HTTP/1.1
629 // Host: www.google.com
631 // GET http://www.google.com/index.html HTTP/1.1
632 // Host: doesntmatter
633 // the same. In the second case, any Host line is ignored.
634 req.Host = req.URL.Host
636 req.Host = req.Header.Get("Host")
638 req.Header.Del("Host")
640 fixPragmaCacheControl(req.Header)
642 // TODO: Parse specific header values:
656 // If-Unmodified-Since
658 // Proxy-Authorization
660 // TE (transfer-codings)
668 err = readTransfer(req, b)
676 // MaxBytesReader is similar to io.LimitReader but is intended for
677 // limiting the size of incoming request bodies. In contrast to
678 // io.LimitReader, MaxBytesReader's result is a ReadCloser, returns a
679 // non-EOF error for a Read beyond the limit, and Closes the
680 // underlying reader when its Close method is called.
682 // MaxBytesReader prevents clients from accidentally or maliciously
683 // sending a large request and wasting server resources.
684 func MaxBytesReader(w ResponseWriter, r io.ReadCloser, n int64) io.ReadCloser {
685 return &maxBytesReader{w: w, r: r, n: n}
688 type maxBytesReader struct {
690 r io.ReadCloser // underlying reader
691 n int64 // max bytes remaining
695 func (l *maxBytesReader) Read(p []byte) (n int, err os.Error) {
699 if res, ok := l.w.(*response); ok {
700 res.requestTooLarge()
703 return 0, os.NewError("http: request body too large")
705 if int64(len(p)) > l.n {
713 func (l *maxBytesReader) Close() os.Error {
717 // ParseForm parses the raw query from the URL.
719 // For POST or PUT requests, it also parses the request body as a form.
720 // If the request Body's size has not already been limited by MaxBytesReader,
721 // the size is capped at 10MB.
723 // ParseMultipartForm calls ParseForm automatically.
725 func (r *Request) ParseForm() (err os.Error) {
730 r.Form, err = url.ParseQuery(r.URL.RawQuery)
732 if r.Method == "POST" || r.Method == "PUT" {
734 return os.NewError("missing form body")
736 ct := r.Header.Get("Content-Type")
737 ct, _, err := mime.ParseMediaType(ct)
739 case ct == "text/plain" || ct == "application/x-www-form-urlencoded" || ct == "":
740 var reader io.Reader = r.Body
741 maxFormSize := int64(1<<63 - 1)
742 if _, ok := r.Body.(*maxBytesReader); !ok {
743 maxFormSize = int64(10 << 20) // 10 MB is a lot of text.
744 reader = io.LimitReader(r.Body, maxFormSize+1)
746 b, e := ioutil.ReadAll(reader)
753 if int64(len(b)) > maxFormSize {
754 return os.NewError("http: POST too large")
756 var newValues url.Values
757 newValues, e = url.ParseQuery(string(b))
762 r.Form = make(url.Values)
764 // Copy values into r.Form. TODO: make this smoother.
765 for k, vs := range newValues {
766 for _, value := range vs {
770 case ct == "multipart/form-data":
771 // handled by ParseMultipartForm (which is calling us, or should be)
772 // TODO(bradfitz): there are too many possible
773 // orders to call too many functions here.
774 // Clean this up and write more tests.
775 // request_test.go contains the start of this,
776 // in TestRequestMultipartCallOrder.
778 return &badStringError{"unknown Content-Type", ct}
784 // ParseMultipartForm parses a request body as multipart/form-data.
785 // The whole request body is parsed and up to a total of maxMemory bytes of
786 // its file parts are stored in memory, with the remainder stored on
787 // disk in temporary files.
788 // ParseMultipartForm calls ParseForm if necessary.
789 // After one call to ParseMultipartForm, subsequent calls have no effect.
790 func (r *Request) ParseMultipartForm(maxMemory int64) os.Error {
791 if r.MultipartForm == multipartByReader {
792 return os.NewError("http: multipart handled by MultipartReader")
800 if r.MultipartForm != nil {
804 mr, err := r.multipartReader()
805 if err == ErrNotMultipart {
807 } else if err != nil {
811 f, err := mr.ReadForm(maxMemory)
815 for k, v := range f.Value {
816 r.Form[k] = append(r.Form[k], v...)
823 // FormValue returns the first value for the named component of the query.
824 // FormValue calls ParseMultipartForm and ParseForm if necessary.
825 func (r *Request) FormValue(key string) string {
827 r.ParseMultipartForm(defaultMaxMemory)
829 if vs := r.Form[key]; len(vs) > 0 {
835 // FormFile returns the first file for the provided form key.
836 // FormFile calls ParseMultipartForm and ParseForm if necessary.
837 func (r *Request) FormFile(key string) (multipart.File, *multipart.FileHeader, os.Error) {
838 if r.MultipartForm == multipartByReader {
839 return nil, nil, os.NewError("http: multipart handled by MultipartReader")
841 if r.MultipartForm == nil {
842 err := r.ParseMultipartForm(defaultMaxMemory)
847 if r.MultipartForm != nil && r.MultipartForm.File != nil {
848 if fhs := r.MultipartForm.File[key]; len(fhs) > 0 {
849 f, err := fhs[0].Open()
850 return f, fhs[0], err
853 return nil, nil, ErrMissingFile
856 func (r *Request) expectsContinue() bool {
857 return strings.ToLower(r.Header.Get("Expect")) == "100-continue"
860 func (r *Request) wantsHttp10KeepAlive() bool {
861 if r.ProtoMajor != 1 || r.ProtoMinor != 0 {
864 return strings.Contains(strings.ToLower(r.Header.Get("Connection")), "keep-alive")