httpx

pkg/httpx

Fork 0

Commit Graph

Author	SHA1	Message	Date
Aleksey Shakhmatov	b5259af73e	Honor RoundTripper contract in middleware; validate incoming X-Request-Id BearerAuth, BasicAuth and DefaultHeaders mutated the caller's request, which violates the RoundTripper contract and risks races on shared/retried requests; clone before writing headers (matching RequestID). Validate the incoming X-Request-Id (length and character set) before propagating it to logs and the response header, preventing log forging and header splitting from a client-controlled value.	2026-05-23 13:47:38 +03:00
Aleksey Shakhmatov	a90c4cd7fa	Add standard middlewares: logging, headers, auth, and panic recovery - Logging: structured slog output with method, URL, status, duration - DefaultHeaders/UserAgent: inject headers without overwriting existing - BearerAuth/BasicAuth: per-request token resolution and static credentials - Recovery: catches panics in the RoundTripper chain	2026-03-20 14:22:14 +03:00

Author

SHA1

Message

Date

Aleksey Shakhmatov

b5259af73e

Honor RoundTripper contract in middleware; validate incoming X-Request-Id

BearerAuth, BasicAuth and DefaultHeaders mutated the caller's request, which
violates the RoundTripper contract and risks races on shared/retried requests;
clone before writing headers (matching RequestID). Validate the incoming
X-Request-Id (length and character set) before propagating it to logs and the
response header, preventing log forging and header splitting from a
client-controlled value.

2026-05-23 13:47:38 +03:00

Aleksey Shakhmatov

a90c4cd7fa

Add standard middlewares: logging, headers, auth, and panic recovery

- Logging: structured slog output with method, URL, status, duration
- DefaultHeaders/UserAgent: inject headers without overwriting existing
- BearerAuth/BasicAuth: per-request token resolution and static credentials
- Recovery: catches panics in the RoundTripper chain

2026-03-20 14:22:14 +03:00

2 Commits