fix(http): don't expose body on GET/HEAD requests (#12260)

GET/HEAD requests can't have bodies according to `fetch` spec. This commit changes the HTTP server to hide request bodies for requests with GET or HEAD methods.
author: Luca Casonato <hello@lcas.dev> 2021-10-11 18:39:55 +0200
committer: GitHub <noreply@github.com> 2021-10-11 18:39:55 +0200
commit: c40d5040cd577aa4ebe552242a06163fbcbc3d4b (patch)
tree: a3161729708e68d6de9a5b73e4f0d78ae7a8b536 /ext/http/lib.rs
parent: 70978fd05a2ef8b5035a2e829c21cdc13c05ac5b (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/ext/http/lib.rs b/ext/http/lib.rs
index a4e908537..09874fccc 100644
--- a/ext/http/lib.rs
+++ b/ext/http/lib.rs
@@ -29,6 +29,7 @@ use hyper::http;
 use hyper::server::conn::Http;
 use hyper::service::Service as HyperService;
 use hyper::Body;
+use hyper::Method;
 use hyper::Request;
 use hyper::Response;
 use serde::Deserialize;
@@ -243,13 +244,11 @@ fn prepare_next_request(
   let url = req_url(&req, scheme, addr)?;
 
   let is_websocket = is_websocket_request(&req);
-  let has_body = if let Some(exact_size) = req.size_hint().exact() {
-    exact_size > 0
-  } else {
-    true
-  };
+  let can_have_body = !matches!(*req.method(), Method::GET | Method::HEAD);
+  let has_body =
+    is_websocket || (can_have_body && req.size_hint().exact() != Some(0));
 
-  let maybe_request_rid = if is_websocket || has_body {
+  let maybe_request_rid = if has_body {
     let request_rid = state.resource_table.add(RequestResource {
       conn_rid,
       inner: AsyncRefCell::new(RequestOrStreamReader::Request(Some(req))),
author	Luca Casonato <hello@lcas.dev>	2021-10-11 18:39:55 +0200
committer	GitHub <noreply@github.com>	2021-10-11 18:39:55 +0200
commit	c40d5040cd577aa4ebe552242a06163fbcbc3d4b (patch)
tree	a3161729708e68d6de9a5b73e4f0d78ae7a8b536 /ext/http/lib.rs
parent	70978fd05a2ef8b5035a2e829c21cdc13c05ac5b (diff)