This repository contains a trivial helper for making secure HTTP-requests with golang.
Imagine you have a service to which users to submit tasks containing references to remote objects (HTTP-URLs).
- For example you might allow users to enter the location of a HTML document.
- Your service fetches that remote resource, then converts it to PDF, or similar.
- The results are then shown to the user.
Now imagine what happens if the user supplies URLs such as these, as input to your service:
This package allows you to prevent these inputs from being processed, easily.
Sample usage can be found in remotehttp_example_test.go.
This wrapper-library only considers the case of http
and https
schemas; if you're accepting URIs of your own you should absolutely sanity-check you've not been given something with a file://
, or ftp://
prefix (and more!)
Other things you'll want to consider:
- Resource limits such as timeout-handling.
- Resource limits such as whether to follow redirections, and if so how many.
Steve