diff options
| author | Vincent LE GOFF <g_n_s@hotmail.fr> | 2019-05-23 17:59:34 +0200 |
|---|---|---|
| committer | Ryan Dahl <ry@tinyclouds.org> | 2019-05-23 18:59:34 +0300 |
| commit | 632fbd7734e4c0662a1673b537def5fe474dece2 (patch) | |
| tree | 487fabb90caf57af4c8623704e08e77dfac98135 /http/server.ts | |
| parent | b7082f1640ec71b71bb3ec24d9d5a63d2173605c (diff) | |
http: fix content-length checking (denoland/deno_std#437)
Original: https://github.com/denoland/deno_std/commit/ce4e3ccdc3f9838d2f286007fa55cf5064a93f44
Diffstat (limited to 'http/server.ts')
| -rw-r--r-- | http/server.ts | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/http/server.ts b/http/server.ts index b49e23b15..baccaacfb 100644 --- a/http/server.ts +++ b/http/server.ts @@ -196,6 +196,25 @@ export class ServerRequest { } } +function fixLength(req: ServerRequest): void { + const contentLength = req.headers.get("Content-Length"); + if (contentLength) { + const arrClen = contentLength.split(","); + if (arrClen.length > 1) { + const distinct = [...new Set(arrClen.map((e): string => e.trim()))]; + if (distinct.length > 1) { + throw Error("cannot contain multiple Content-Length headers"); + } else { + req.headers.set("Content-Length", distinct[0]); + } + } + const c = req.headers.get("Content-Length"); + if (req.method === "HEAD" && c && c !== "0") { + throw Error("http: method cannot contain a Content-Length"); + } + } +} + export async function readRequest( bufr: BufReader ): Promise<[ServerRequest, BufState]> { @@ -211,6 +230,11 @@ export async function readRequest( } [req.method, req.url, req.proto] = firstLine.split(" ", 3); [req.headers, err] = await tp.readMIMEHeader(); + fixLength(req); + // TODO(zekth) : add parsing of headers eg: + // rfc: https://tools.ietf.org/html/rfc7230#section-3.3.2 + // A sender MUST NOT send a Content-Length header field in any message + // that contains a Transfer-Encoding header field. return [req, err]; } |