From 1171ae7153c7bd898caaa69cebeeea5678dc0add Mon Sep 17 00:00:00 2001 From: Stephen Augustus Date: Thu, 23 Jul 2020 14:32:26 -0400 Subject: [PATCH] [go1.15] apimachinery/pkg/util/proxy: Drop identity transfer-encoding ref: https://tip.golang.org/doc/go1.15#net/http Parsing is now stricter as a hardening measure against request smuggling attacks: non-ASCII white space is no longer trimmed like SP and HTAB, and support for the "identity" Transfer-Encoding was dropped. Signed-off-by: Stephen Augustus --- .../pkg/util/proxy/upgradeaware_test.go | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go index 141d2d85a71..3f2d41f9460 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go @@ -763,21 +763,6 @@ func TestProxyRequestContentLengthAndTransferEncoding(t *testing.T) { expectedBody: sampleData, }, - "content-length + identity transfer-encoding": { - reqHeaders: http.Header{ - "Content-Length": []string{"5"}, - "Transfer-Encoding": []string{"identity"}, - }, - reqBody: sampleData, - - expectedHeaders: http.Header{ - "Content-Length": []string{"5"}, - "Content-Encoding": nil, // none set - "Transfer-Encoding": nil, // gets removed - }, - expectedBody: sampleData, - }, - "content-length + gzip content-encoding": { reqHeaders: http.Header{ "Content-Length": []string{strconv.Itoa(len(zip(sampleData)))},