fix(middleware): allow HTML rewrite for chunked and unknown-length bodies

Relax response-body gating so HTML and XHTML can be buffered when Transfer-Encoding is chunked-only, or when Content-Length is missing, while still rejecting non-identity encodings that are not chunked HTML and other non-HTML cases. Update modifyHTML to cap reads for unknown length, splice the original stream back when the cap is hit, and document the behavior in the package README. Extend tests for themed middleware and the rewrite gate.
2026-04-27 19:27:37 +02:00 · 2026-04-22 12:32:39 +08:00
parent 167d54ae57
commit dd33980d18
4 changed files with 107 additions and 19 deletions
--- a/internal/net/gphttp/middleware/modify_html.go
+++ b/internal/net/gphttp/middleware/modify_html.go
@@ -51,16 +51,38 @@ func (m *modifyHTML) modifyResponse(resp *http.Response) error {
 		return nil
 	}

-	// Skip modification for streaming/chunked responses to avoid blocking reads
-	// Unknown content length or any transfer encoding indicates streaming.
-	// if resp.ContentLength < 0 || len(resp.TransferEncoding) > 0 {
-	// 	log.Debug().Str("url", fullURL(resp.Request)).Strs("transfer-encoding", resp.TransferEncoding).Msg("skipping modification for streaming/chunked response")
-	// 	return nil
-	// }
-
 	// NOTE: do not put it in the defer, it will be used as resp.Body
-	content, release, err := httputils.ReadAllBody(resp)
-	resp.Body.Close()
+	var (
+		content []byte
+		release func([]byte)
+		err     error
+	)
+	if resp.ContentLength >= int64(maxModifiableBody) {
+		return nil
+	}
+
+	originalBody := resp.Body
+	if resp.ContentLength < 0 {
+		// tmp swap Body to LimitedReader
+		limited := io.LimitedReader{R: originalBody, N: int64(maxModifiableBody) + 1}
+		resp.Body = io.NopCloser(&limited)
+		content, release, err = httputils.ReadAllBody(resp)
+		// Successfully read N bytes
+		if err == nil && limited.N == 0 {
+			fullReader := io.NopCloser(io.MultiReader(bytes.NewReader(content), originalBody))
+			onClose := func() {
+				release(content)
+				_ = originalBody.Close()
+			}
+			resp.Body = ioutils.NewHookReadCloser(fullReader, onClose)
+			resp.ContentLength = -1
+			resp.Header.Del("Content-Length")
+			return nil
+		}
+	} else {
+		content, release, err = httputils.ReadAllBody(resp)
+	}
+	_ = originalBody.Close()
 	if err != nil {
 		log.Err(err).Str("url", fullURL(resp.Request)).Msg("failed to read response body")
 		// Fail open: do not abort the response. Return an empty body safely.