Invalid Read on closed Body with certain bodies #144
Description
Welcome!
- Yes, I've searched similar issues on GitHub and didn't find any.
What did you do?
When doing a HTTP POST a request with a certain body
POST /aze HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=d1151a93a3007ebf-f02190187c44a8c6-bd59b64781bf3c60-cc7681c349f84180
Host: XXXXX:2222
User-Agent: xh/0.22.2
--d1151a93a3007ebf-f02190187c44a8c6-bd59b64781bf3c60-cc7681c349f84180
Content-Disposition: form-data; name="body"; filename="test.yml"
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
--d1151a93a3007ebf-f02190187c44a8c6-bd59b64781bf3c60-cc7681c349f84180--
the whoami server returns http: invalid Read on closed Body
Returned body:
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Date: Sun, 23 Mar 2025 22:45:19 GMT
Transfer-Encoding: chunked
Hostname: XXXXX
IP: XXXXX
IP: XXXXX
IP: XXXXX
IP: XXXXX
IP: XXXXX
IP: XXXXX
IP: XXXXX
RemoteAddr: XXXXX
POST /aze HTTP/1.1
Host: XXXXX:2222
User-Agent: xh/0.22.2
Content-Length: 602
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Content-Type: multipart/form-data; boundary=d1151a93a3007ebf-f02190187c44a8c6-bd59b64781bf3c60-cc7681c349f84180
--d1151a93a3007ebf-f02190187c44a8c6-bd59b64781bf3c60-cc7681c349f84180
Content-Disposition: form-data; name="body"; filename="test.yml"
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerty
test: azertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazertyazerhttp: invalid Read on closed Body
What were you expecting?
The body should be returned without a http: invalid Read on closed Body error
What version are you using?
v1.11.0
What is your environment & configuration?
./whoami -port 2222 -verbose
If applicable, please paste the log output in DEBUG level
2025/03/23 23:45:19 http: superfluous response.WriteHeader call from main.whoamiHandler (app.go:242)
2025/03/23 23:45:19 127.0.0.1:41320 - - [23/Mar/2025:23:45:19 +0100] "POST /aze HTTP/1.1" - -
Reading the body directly could fix the issue
For example the following patch seems to fix the issue
diff --git c/app.go i/app.go
index 0849b03..cf9f489 100644
--- c/app.go
+++ i/app.go
@@ -237,10 +237,11 @@ func whoamiHandler(w http.ResponseWriter, r *http.Request) {
_, _ = fmt.Fprintf(w, "Certificate[%d] Subject: %v\n", i, cert.Subject)
}
}
-
- if err := r.Write(w); err != nil {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
+ _, _ = fmt.Fprintln(w, r.Method, r.URL.Path, r.Proto)
+ for name, headers := range r.Header {
+ for _, h := range headers {
+ _, _ = fmt.Fprintf(w, "%v: %v\n", name, h)
+ }
}
if ok, _ := strconv.ParseBool(queryParams.Get("env")); ok {
@@ -248,6 +249,13 @@ func whoamiHandler(w http.ResponseWriter, r *http.Request) {
_, _ = fmt.Fprintln(w, env)
}
}
+ body, err := io.ReadAll(r.Body)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ w.Write([]byte("\n"))
+ w.Write(body)
}
func apiHandler(w http.ResponseWriter, r *http.Request) {