Earlier this week, I thought I stumbled across a bug in the go standard library. Earlier this week, I was wrong. While browsing the net/http sources, I spotted what appears to be an index out of range in calls to http.Request.BasicAuth(). Decoding func parseBasicAuth(): If the value string has prefix “Basic “ base64 decode the remainder of the string find the index of the first colon (:) in the decoded result return username and password as the substrings before and after the colon, respectively But wait - what if there’s nothing after the colon?
Edit: Thanks to /u/epiris for pointing out that I actually posted a server-side code example, not client side. I think I got distracted while finishing off the post… completely missing the point! Whoops. Code sample is fixed now. At work this week, I was tasked with updating a couple of older internal go applications currently serving HTTP to serve HTTPS instead. Generally, go makes this a pretty simple task and there are plenty of existing guides on the web that cover the process, so I won’t bore you with it here.