fix(response): refine hijack behavior for response lifecycle

[appleboy]

• Clarify the error message for attempted hijack after response body data is written
• Modify hijack behavior: allow hijacking after headers are written (for better websocket compatibility), but block hijacking after any body data is sent
• Add comprehensive tests to validate allowed hijack after header write and disallowed hijack after body write

fix #4372

Pull Request Checklist

Please ensure your pull request meets the following requirements:

• Open your pull request against the master branch.
• All tests pass in available continuous integration systems (e.g., GitHub Actions).
• Tests are added or modified as needed to cover code changes.
• If the pull request introduces a new feature, the feature is documented in the docs/doc.md.

Thank you for contributing!

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.92%. Comparing base (3dc1cd6) to head (48e89fb).
⚠️ Report is 179 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4373      +/-   ##
==========================================
- Coverage   99.21%   98.92%   -0.29%     
==========================================
  Files          42       44       +2     
  Lines        3182     3442     +260     
==========================================
+ Hits         3157     3405     +248     
- Misses         17       26       +9     
- Partials        8       11       +3     

Flag	Coverage Δ
	?
--ldflags="-checklinkname=0" -tags sonic	98.91% <100.00%> (?)
-tags go_json	98.85% <100.00%> (?)
-tags nomsgpack	98.91% <100.00%> (?)
go-1.18	?
go-1.19	?
go-1.20	?
go-1.21	?
go-1.23	98.92% <100.00%> (?)
go-1.24	98.92% <100.00%> (?)
go-1.25	98.92% <100.00%> (?)
macos-latest	98.92% <100.00%> (-0.29%)	⬇️
ubuntu-latest	98.92% <100.00%> (-0.29%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull Request Overview

This PR refines the hijack behavior in Gin's response writer to improve WebSocket compatibility by allowing hijacking after headers are written but blocking it after response body data is sent.

• Modified hijack logic to check w.size > 0 instead of Written() to allow hijacking after header-only writes
• Updated error message to be more specific about when hijacking is blocked
• Added comprehensive tests validating the new hijack behavior patterns

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
response_writer.go	Updates hijack logic and error message to allow hijacking after headers but block after body data
response_writer_test.go	Adds comprehensive test cases validating the new hijack behavior for WebSocket compatibility

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[ohbibi-bhallion]

Thanks a lot for this fix !

[sverdlov93]

Hi @appleboy, any ETA for the release of this fix? 🙏

[claudioelefante]

Hello,
I'm in need of this fix to use coder/websocket with gin.
Any plan for releasing gin v1.12.0?
Thank you in advance