net/http: update bundled golang.org/x/net/http2 [generated]

Pull in x/net CL 642606 and CL 643256 and regenerate h2_bundle.go: http2: disable extended CONNECT by default http2: encode :protocol pseudo-header before regular headers For #36905. Fixes #70728. Fixes #71128. [git-generate] go install golang.org/x/build/cmd/updatestd@latest go install golang.org/x/tools/cmd/bundle@latest updatestd -goroot=$(pwd) -branch=internal-branch.go1.24-vendor Change-Id: Id853cb96f8fc410956666f5c3ab4c5889c703503 Reviewed-on: https://go-review.googlesource.com/c/go/+/642398 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
2025-12-08 06:10:04 +00:00 · 2025-01-21 14:41:15 -05:00 · 2025-01-21 14:41:15 -05:00 · f6d17c5400
commit f6d17c5400
parent 3aa7c5ef01
4 changed files with 36 additions and 17 deletions
--- a/src/go.mod
+++ b/src/go.mod
@ -4,7 +4,7 @@ go 1.24

 require (
 	golang.org/x/crypto v0.30.0
-	golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1
+	golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98
 )

 require (
--- a/src/go.sum
+++ b/src/go.sum
@ -1,7 +1,7 @@
 golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY=
 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ=
-golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
+golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98 h1:36bTiCRO7f/J3t+LumnLTJDXqxsp1x6Q7754SsRD9u4=
+golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs=
 golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
--- a/src/net/http/h2_bundle.go
+++ b/src/net/http/h2_bundle.go
@ -3509,11 +3509,19 @@ func http2canonicalHeader(v string) string {
 }

 var (
-	http2VerboseLogs                    bool
-	http2logFrameWrites                 bool
-	http2logFrameReads                  bool
-	http2inTests                        bool
-	http2disableExtendedConnectProtocol bool
+	http2VerboseLogs    bool
+	http2logFrameWrites bool
+	http2logFrameReads  bool
+	http2inTests        bool
+
+	// Enabling extended CONNECT by causes browsers to attempt to use
+	// WebSockets-over-HTTP/2. This results in problems when the server's websocket
+	// package doesn't support extended CONNECT.
+	//
+	// Disable extended CONNECT by default for now.
+	//
+	// Issue #71128.
+	http2disableExtendedConnectProtocol = true
 )

 func init() {
@ -3526,8 +3534,8 @@ func init() {
 		http2logFrameWrites = true
 		http2logFrameReads = true
 	}
-	if strings.Contains(e, "http2xconnect=0") {
-		http2disableExtendedConnectProtocol = true
+	if strings.Contains(e, "http2xconnect=1") {
+		http2disableExtendedConnectProtocol = false
 	}
 }

@ -9500,10 +9508,6 @@ func http2validateHeaders(hdrs Header) string {

 var http2errNilRequestURL = errors.New("http2: Request.URI is nil")

-func http2isNormalConnect(req *Request) bool {
-	return req.Method == "CONNECT" && req.Header.Get(":protocol") == ""
-}
-
 // requires cc.wmu be held.
 func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) {
 	cc.hbuf.Reset()
@ -9523,8 +9527,17 @@ func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trail
 		return nil, errors.New("http2: invalid Host header")
 	}

+	// isNormalConnect is true if this is a non-extended CONNECT request.
+	isNormalConnect := false
+	protocol := req.Header.Get(":protocol")
+	if req.Method == "CONNECT" && protocol == "" {
+		isNormalConnect = true
+	} else if protocol != "" && req.Method != "CONNECT" {
+		return nil, errors.New("http2: invalid :protocol header in non-CONNECT request")
+	}
+
 	var path string
-	if !http2isNormalConnect(req) {
+	if !isNormalConnect {
 		path = req.URL.RequestURI()
 		if !http2validPseudoPath(path) {
 			orig := path
@ -9561,10 +9574,13 @@ func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trail
 			m = MethodGet
 		}
 		f(":method", m)
-		if !http2isNormalConnect(req) {
+		if !isNormalConnect {
 			f(":path", path)
 			f(":scheme", req.URL.Scheme)
 		}
+		if protocol != "" {
+			f(":protocol", protocol)
+		}
 		if trailers != "" {
 			f("trailer", trailers)
 		}
@ -9621,6 +9637,9 @@ func (cc *http2ClientConn) encodeHeaders(req *Request, addGzipHeader bool, trail
 					}
 				}
 				continue
+			} else if k == ":protocol" {
+				// :protocol pseudo-header was already sent above.
+				continue
 			}

 			for _, v := range vv {
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@ -6,7 +6,7 @@ golang.org/x/crypto/cryptobyte
 golang.org/x/crypto/cryptobyte/asn1
 golang.org/x/crypto/internal/alias
 golang.org/x/crypto/internal/poly1305
-# golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1
+# golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98
 ## explicit; go 1.18
 golang.org/x/net/dns/dnsmessage
 golang.org/x/net/http/httpguts