目录

报错信息

解决方法有两种

最终解决方案

测试情况

参考文档

报错信息

http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192

 高版本http废除了分号做分隔符,会在http库中做报警输出,基础库代码如下:

func (sh serverHandler) ServeHTTP(rw ResponseWriter, req *Request) {

handler := sh.srv.Handler

if handler == nil {

handler = DefaultServeMux

}

if req.RequestURI == "*" && req.Method == "OPTIONS" {

handler = globalOptionsHandler{}

}

if req.URL != nil && strings.Contains(req.URL.RawQuery, ";") {

var allowQuerySemicolonsInUse int32

req = req.WithContext(context.WithValue(req.Context(), silenceSemWarnContextKey, func() {

atomic.StoreInt32(&allowQuerySemicolonsInUse, 1)

}))

defer func() {

if atomic.LoadInt32(&allowQuerySemicolonsInUse) == 0 {

sh.srv.logf("http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192")

}

}()

}

handler.ServeHTTP(rw, req)

}

解决方法有两种

1、http中不要用分号做分隔符,不要含有分号

2、调用库函数http.AllowQuerySemicolons()允许分号,解除报错

由于项目历史版本缘故,无法完全做到第1点,需要做第2点来补充。如果直接调用http.AllowQuerySemicolons,发现其就是简单粗暴将分号直接替换成&(代码如下),从而可能会引发后续http body解析报错

func AllowQuerySemicolons(h Handler) Handler {

return HandlerFunc(func(w ResponseWriter, r *Request) {

if silenceSemicolonsWarning, ok := r.Context().Value(silenceSemWarnContextKey).(func()); ok {

silenceSemicolonsWarning()

}

if strings.Contains(r.URL.RawQuery, ";") {

r2 := new(Request)

*r2 = *r

r2.URL = new(url.URL)

*r2.URL = *r.URL

r2.URL.RawQuery = strings.ReplaceAll(r.URL.RawQuery, ";", "&")

h.ServeHTTP(w, r2)

} else {

h.ServeHTTP(w, r)

}

})

}

最终解决方案

1、将http内容中的分号替换,并记录位置

2、调用http.AllowQuerySemicolons,解除报警输出

3、将1中被替换的分号还原

4、调用handler处理函数,解析参数,进行业务逻辑

最终代码如下:

package main

import (

"context"

"fmt"

"net/http"

"regexp"

"strings"

"time"

"unsafe"

)

// BytesToString converts byte slice to string.

func BytesToString(b []byte) string {

return *(*string)(unsafe.Pointer(&b))

}

func MarkQuerySemicolons(h http.Handler) http.HandlerFunc {

return func(w http.ResponseWriter, r *http.Request) {

if strings.Contains(r.URL.RawQuery, ";") {

// 正则匹配 将原url中的';'索引位置标记放到context中

semicolonsIndexes := regexp.MustCompile(";").FindAllStringIndex(r.URL.RawQuery, -1)

// 索引信息放到context中 在具体处理方法前再根据context中存的下标还原';'的位置

r = r.WithContext(context.WithValue(r.Context(), "semicolonMarks", semicolonsIndexes))

r.URL.RawQuery = strings.ReplaceAll(r.URL.RawQuery, ";", "&")

h.ServeHTTP(w, r)

} else {

h.ServeHTTP(w, r)

}

}

}

func RecoverRawQuerySemicolons(next http.Handler) http.Handler {

return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

marksContextV := r.Context().Value("semicolonMarks")

semicolonsIndexes, ok := marksContextV.([][]int)

if ok {

urlReduceSemicolons := []byte(r.URL.RawQuery)

for _, index := range semicolonsIndexes {

if len(index) != 0 {

urlReduceSemicolons[index[0]] = ';'

}

}

r.URL.RawQuery = BytesToString(urlReduceSemicolons)

}

next.ServeHTTP(w, r)

})

}

func HandleRawQuerySemicolons(next http.Handler) http.HandlerFunc {

return MarkQuerySemicolons(http.AllowQuerySemicolons(RecoverRawQuerySemicolons(next)))

}

func Health(w http.ResponseWriter, r *http.Request) {

fmt.Println(r.URL.Path, r.URL.RawQuery)

w.Write([]byte("ok"))

}

func main() {

http.HandleFunc("/health", HandleRawQuerySemicolons(http.HandlerFunc(Health)))

http.HandleFunc("/health2", Health)

s := &http.Server{

Addr: ":10099",

Handler: nil,

ReadTimeout: time.Second,

WriteTimeout: time.Second,

MaxHeaderBytes: 1 << 20,

}

if err := s.ListenAndServe(); err != nil {

fmt.Println(err.Error())

}

}

测试情况

分别请求

http://127.0.0.1:10099/health?a=1;b=2

http://127.0.0.1:10099/health2?a=1;b=2

Health中输出如下: 

/health a=1;b=2

/health2 a=1;b=2

2023/05/16 15:17:18 http: URL query contains semicolon, which is no longer a supported separator; parts of the query may be stripped when parsed; see golang.org/issue/25192

 测试OK。直接调用Health,引发了报错信息。用HandleRawQuerySemicolons包装的没有报错,且url内容正常。

参考文档

https://www.cnblogs.com/tinfy/archive/2023/01/13/17049049.html

推荐链接

评论可见,请评论后查看内容,谢谢!!!
 您阅读本篇文章共花了: