[go] net/http: add Server.MaxHeaderValueCount setting

2 views
Skip to first unread message

Nicholas Husin (Gerrit)

unread,
Jun 29, 2026, 3:43:38 PM (yesterday) Jun 29
to goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
Attention needed from Nicholas Husin

Message from Nicholas Husin

Set Ready For Review

Open in Gerrit

Related details

Attention is currently required from:
  • Nicholas Husin
Submit Requirements:
  • requirement is not satisfiedCode-Review
  • requirement satisfiedNo-Unresolved-Comments
  • requirement is not satisfiedReview-Enforcement
  • requirement is not satisfiedTryBots-Pass
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
Gerrit-Change-Number: 795460
Gerrit-PatchSet: 6
Gerrit-Owner: Nicholas Husin <n...@golang.org>
Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
Gerrit-Attention: Nicholas Husin <n...@golang.org>
Gerrit-Comment-Date: Mon, 29 Jun 2026 19:43:34 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: No
unsatisfied_requirement
satisfied_requirement
open
diffy

Damien Neil (Gerrit)

unread,
Jun 29, 2026, 7:58:51 PM (yesterday) Jun 29
to Nicholas Husin, goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
Attention needed from Nicholas Husin

Damien Neil added 3 comments

File src/net/http/internal/http2/frame.go
Line 341, Patchset 6 (Latest): MaxHeaderValueCount int
Damien Neil . unresolved

0-means-default means the Transport will pick up the default of 500 as well, which probably isn't intended.

Line 1731, Patchset 6 (Latest): var regularHeaderCount int
Damien Neil . unresolved

I think count pseudo-headers as regular headers?

In the current implementation, we parse pseudos into the Headers map just like any other header and don't validate until after all the headers have been read, so they're a vector for sending many headers.

Plus, pseudo-headers map onto regular HTTP/1 headers, so treating the same for accounting makes sense.

File src/net/http/serve_test.go
Line 3339, Patchset 6 (Latest):func TestRequestHeaderValueCountLimit(t *testing.T) {
Damien Neil . unresolved

Include tests for 1xx headers and trailers as well?

Open in Gerrit

Related details

Attention is currently required from:
  • Nicholas Husin
Submit Requirements:
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    • requirement satisfiedTryBots-Pass
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: go
    Gerrit-Branch: master
    Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
    Gerrit-Change-Number: 795460
    Gerrit-PatchSet: 6
    Gerrit-Owner: Nicholas Husin <n...@golang.org>
    Gerrit-Reviewer: Damien Neil <dn...@google.com>
    Gerrit-Comment-Date: Mon, 29 Jun 2026 23:58:45 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: No
    unsatisfied_requirement
    satisfied_requirement
    open
    diffy

    Nicholas Husin (Gerrit)

    unread,
    3:46 PM (7 hours ago) 3:46 PM
    to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
    Attention needed from Nicholas Husin

    Nicholas Husin uploaded new patchset

    Nicholas Husin uploaded patch set #7 to this change.
    Following approvals got outdated and were removed:
    Open in Gerrit

    Related details

    Attention is currently required from:
    • Nicholas Husin
    Submit Requirements:
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement is not satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: newpatchset
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
      Gerrit-Change-Number: 795460
      Gerrit-PatchSet: 7
      unsatisfied_requirement
      open
      diffy

      Nicholas Husin (Gerrit)

      unread,
      3:56 PM (7 hours ago) 3:56 PM
      to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
      Attention needed from Nicholas Husin

      Nicholas Husin uploaded new patchset

      Nicholas Husin uploaded patch set #8 to this change.
      Open in Gerrit

      Related details

      Attention is currently required from:
      • Nicholas Husin
      Submit Requirements:
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement is not satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: newpatchset
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
      Gerrit-Change-Number: 795460
      Gerrit-PatchSet: 8
      unsatisfied_requirement
      open
      diffy

      Nicholas Husin (Gerrit)

      unread,
      4:05 PM (7 hours ago) 4:05 PM
      to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
      Attention needed from Nicholas Husin

      Nicholas Husin uploaded new patchset

      Nicholas Husin uploaded patch set #9 to this change.
      Open in Gerrit

      Related details

      Attention is currently required from:
      • Nicholas Husin
      Submit Requirements:
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement is not satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: newpatchset
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
      Gerrit-Change-Number: 795460
      Gerrit-PatchSet: 9
      unsatisfied_requirement
      open
      diffy

      Nicholas Husin (Gerrit)

      unread,
      4:44 PM (6 hours ago) 4:44 PM
      to goph...@pubsubhelper.golang.org, golang-co...@googlegroups.com
      Attention needed from Nicholas Husin

      Nicholas Husin uploaded new patchset

      Nicholas Husin uploaded patch set #10 to this change.
      Following approvals got outdated and were removed:
      Open in Gerrit

      Related details

      Attention is currently required from:
      • Nicholas Husin
      Submit Requirements:
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement is not satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: newpatchset
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
      Gerrit-Change-Number: 795460
      Gerrit-PatchSet: 10
      unsatisfied_requirement
      open
      diffy

      Nicholas Husin (Gerrit)

      unread,
      4:45 PM (6 hours ago) 4:45 PM
      to goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, Damien Neil, golang-co...@googlegroups.com
      Attention needed from Damien Neil

      Nicholas Husin added 3 comments

      File src/net/http/internal/http2/frame.go
      Line 341, Patchset 6: MaxHeaderValueCount int
      Damien Neil . resolved

      0-means-default means the Transport will pick up the default of 500 as well, which probably isn't intended.

      Nicholas Husin

      Oops, indeed. Changed 0 to be no limit, and made the child CL where `Transport.MaxResponseHeaderValueCount` is added revert this back to 500 (technically 0 value should never reach this point, but might as well for consistency and to be defensive).

      Line 1731, Patchset 6: var regularHeaderCount int
      Damien Neil . resolved

      I think count pseudo-headers as regular headers?

      In the current implementation, we parse pseudos into the Headers map just like any other header and don't validate until after all the headers have been read, so they're a vector for sending many headers.

      Plus, pseudo-headers map onto regular HTTP/1 headers, so treating the same for accounting makes sense.

      Nicholas Husin

      Good catch, thanks! Changed to count pseudo-headers too.

      File src/net/http/serve_test.go
      Line 3339, Patchset 6:func TestRequestHeaderValueCountLimit(t *testing.T) {
      Damien Neil . unresolved

      Include tests for 1xx headers and trailers as well?

      Nicholas Husin

      I don't think 1xx headers are relevant here right? This CL is only for the client sending headers to the server (I do have the 1xx headers test in the child CL where the server sends headers to the client).

      Added test for trailers. Note that the header values count limit is only applied to the trailer headers in HTTP/2 currently in this CL. Since [`MaxHeaderBytes` is not applied to trailers in HTTP/1](https://cs.opensource.google/go/go/+/master:src/net/http/transfer.go;l=932-942;drc=cabdf7fdd04d48d283de41e93dcb36d0da21fb10), I figured I should follow the same pattern (plus, since this is a freeze exception, keeping the diff minimal is probably a good idea?). Let me know if you think otherwise.

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Damien Neil
      Submit Requirements:
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement is not satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
      Gerrit-Change-Number: 795460
      Gerrit-PatchSet: 10
      Gerrit-Owner: Nicholas Husin <n...@golang.org>
      Gerrit-Reviewer: Damien Neil <dn...@google.com>
      Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
      Gerrit-Attention: Damien Neil <dn...@google.com>
      Gerrit-Comment-Date: Tue, 30 Jun 2026 20:45:15 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: No
      Comment-In-Reply-To: Damien Neil <dn...@google.com>
      unsatisfied_requirement
      open
      diffy

      Damien Neil (Gerrit)

      unread,
      5:06 PM (6 hours ago) 5:06 PM
      to Nicholas Husin, goph...@pubsubhelper.golang.org, golang...@luci-project-accounts.iam.gserviceaccount.com, golang-co...@googlegroups.com
      Attention needed from Nicholas Husin

      Damien Neil voted and added 1 comment

      Votes added by Damien Neil

      Code-Review+2

      1 comment

      File src/net/http/serve_test.go
      Line 3339, Patchset 6:func TestRequestHeaderValueCountLimit(t *testing.T) {
      Damien Neil . unresolved

      Include tests for 1xx headers and trailers as well?

      Nicholas Husin

      I don't think 1xx headers are relevant here right? This CL is only for the client sending headers to the server (I do have the 1xx headers test in the child CL where the server sends headers to the client).

      Added test for trailers. Note that the header values count limit is only applied to the trailer headers in HTTP/2 currently in this CL. Since [`MaxHeaderBytes` is not applied to trailers in HTTP/1](https://cs.opensource.google/go/go/+/master:src/net/http/transfer.go;l=932-942;drc=cabdf7fdd04d48d283de41e93dcb36d0da21fb10), I figured I should follow the same pattern (plus, since this is a freeze exception, keeping the diff minimal is probably a good idea?). Let me know if you think otherwise.

      Damien Neil

      Oh, sorry, right. 1xx doesn't make any sense here of course.

      Let's go with the current CL to start with but have a followup that applies the limit to HTTP/1 trailers as well. I don't really want to put in a fix that still allows however many trailers you can pack into 4096 bytes, even after the user set MaxHeaderBytes=16 or something.

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Nicholas Husin
      Submit Requirements:
      • requirement satisfiedCode-Review
      • requirement is not satisfiedNo-Unresolved-Comments
      • requirement is not satisfiedReview-Enforcement
      • requirement satisfiedTryBots-Pass
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: go
      Gerrit-Branch: master
      Gerrit-Change-Id: I600ac6c492f64f9cfa2730836be64dc76a6a6964
      Gerrit-Change-Number: 795460
      Gerrit-PatchSet: 10
      Gerrit-Owner: Nicholas Husin <n...@golang.org>
      Gerrit-Reviewer: Damien Neil <dn...@google.com>
      Gerrit-Reviewer: Nicholas Husin <n...@golang.org>
      Gerrit-Attention: Nicholas Husin <n...@golang.org>
      Gerrit-Comment-Date: Tue, 30 Jun 2026 21:06:36 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: Yes
      Comment-In-Reply-To: Damien Neil <dn...@google.com>
      Comment-In-Reply-To: Nicholas Husin <n...@golang.org>
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy
      Reply all
      Reply to author
      Forward
      0 new messages