Damien Neil
Damien Neil
Another possible API: ``` // IsSafe reports whether the path refers to a location within the current directory. // If path is absolute or references a location above the current...
There is no universal definition of "safe", but there is a category of paths which reference locations which are lexically contained within some root. Perhaps there's a better name for...
Not much more code, but two function calls, two constants (`Separator` and `..`), it incorrectly accepts `dir="a", rel="../a"`, and I'm pretty sure that doesn't handle `NUL` correctly at the moment....
> “Lexically in the same directory” is a clear property for which we can surely promise backward-compatibility. Alas, this is also not the right property. "COM1" is lexically in the...
This proposal is for a mechanism to permit a handler to adjust the read and write deadlines for a request after the handler has been called. Sample usage would be...
> This will transparently work with both http/1.1 and http/2 connections right? Yes. > What about http/3 servers based on https://github.com/lucas-clemente/quic-go? As proposed, this only works with `ResponseWriter`s provided by...
Changes to the proposal: * Drop the `*Request` parameter to NewResponseController. We don't need it, and I haven't been able to think of anything that would require it in the...
While working through a draft implementation of this, I came across a somewhat different approach to integrating non-`net/http` implementations (including `x/net/http2`) with `ResponseController`. A demonstration is in https://go.dev/cl/436890. In this...
After discussion with @bradfitz, we think the original proposal with the update in https://github.com/golang/go/issues/54136#issuecomment-1259894379 is the right approach. Making ResponseController an interface is an interesting idea, but the benefits (if...
Yes, `SetReadDeadline` and `SetWriteDeadline` will override any existing `ReadTimeout` or `WriteTimeout`. Once a timeout has expired, however, it sticks; you can't resume reads/writes by extending an expired timeout. (We could...