Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FastHTTP doesn't strip tabs from header values #1808

Closed
kenballus opened this issue Jul 17, 2024 · 1 comment
Closed

FastHTTP doesn't strip tabs from header values #1808

kenballus opened this issue Jul 17, 2024 · 1 comment
Labels
help wanted

Comments

@kenballus
Copy link

When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped according to the RFCs. This is what nearly all other HTTP implementations do, including AIOHTTP, Apache httpd, Cheroot, Go net/http, H2O, HAProxy, Hyper, Hypercorn, Jetty, Libsoup, Lighttpd, Mongoose, Netty, Node.js, LiteSpeed, Passenger, Tomcat, Tornado, Twisted, Unicorn, Uvicorn, Waitress, and WEBrick.

Instead, FastHTTP allows the tabs to persist into the header value.

This can be confirmed by

  1. running a FastHTTP server that echos header values (like this one),
  2. sending it a request with a header value prefixed and suffixed with tabs, and extracting the echoed header value:
printf 'GET / HTTP/1.1\r\nHost: whatever\r\nTest: \t abc \t\r\n\r\n' \
    | nc localhost 80 | grep '"headers"' \
    | jq '.["headers"][1][1]' \
    | xargs echo \
    | base64 -d  \
    | xxd
00000000: 0920 6162 6320 09                        . abc .

Notably, spaces are correctly stripped. Presumably, the patch should change this function to strip tabs in addition to spaces.
ksw2000 added a commit to ksw2000/fasthttp that referenced this issue Jul 22, 2024
@ksw2000
Fix RequestHeader parser (valyala#1808)
4b4e634 
When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped.
@ksw2000 ksw2000 mentioned this issue Jul 22, 2024
Merged
ksw2000 added a commit to ksw2000/fasthttp that referenced this issue Jul 24, 2024
@ksw2000
Add test for header parser including tabs (valyala#1808)
8d514b9
@pajod pajod mentioned this issue Jul 25, 2024
Closed
erikdubbelboer pushed a commit that referenced this issue Jul 28, 2024
@ksw2000
Fix header parser (#1808) (#1810)
ed6a27a 
* Fix RequestHeader parser (#1808)

When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped.

* Remove redundant code

* Add test for header parser including tabs (#1808)
@erikdubbelboer
Copy link
Collaborator

Fixed in #1808

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@erikdubbelboer @kenballus