go/doc/next/6-stdlib/99-minor/net/http/httputil/73161.md

The [ReverseProxy.Director] configuration field is deprecated
in favor of [ReverseProxy.Rewrite].

A malicious client can remove headers added by a `Director` function
by designating those headers as hop-by-hop. Since there is no way to address
this problem within the scope of the `Director` API, we added a new
`Rewrite` hook in Go 1.20. `Rewrite` hooks are provided with both the
unmodified inbound request received by the proxy and the outbound request
which will be sent by the proxy.

Since the `Director` hook is fundamentally unsafe, we are now deprecating it.
net/http/httputil: deprecate ReverseProxy.Director The Director function has been superseded by Rewrite. Rewrite avoids fundamental security issues with hop-by-hop header handling in the Director API and has better default handling of X-Forwarded-* headers. Fixes #73161 Change-Id: Iadaf3070e0082458f79fb892ade51cb7ce832802 Reviewed-on: https://go-review.googlesource.com/c/go/+/708615 Reviewed-by: Nicholas Husin <husin@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Nicholas Husin <nsh@golang.org> 2025-10-02 09:42:57 -07:00			`The [ReverseProxy.Director] configuration field is deprecated`
			`in favor of [ReverseProxy.Rewrite].`

			A malicious client can remove headers added by a `Director` function
			`by designating those headers as hop-by-hop. Since there is no way to address`
			this problem within the scope of the `Director` API, we added a new
			`Rewrite` hook in Go 1.20. `Rewrite` hooks are provided with both the
			`unmodified inbound request received by the proxy and the outbound request`
			`which will be sent by the proxy.`

			Since the `Director` hook is fundamentally unsafe, we are now deprecating it.