From c40d5040cd577aa4ebe552242a06163fbcbc3d4b Mon Sep 17 00:00:00 2001
From: Luca Casonato <hello@lcas.dev>
Date: Mon, 11 Oct 2021 18:39:55 +0200
Subject: fix(http): don't expose body on GET/HEAD requests (#12260)

GET/HEAD requests can't have bodies according to `fetch` spec. This
commit changes the HTTP server to hide request bodies for requests with
GET or HEAD methods.
---
 cli/tests/unit/http_test.ts | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'cli')

diff --git a/cli/tests/unit/http_test.ts b/cli/tests/unit/http_test.ts
index fe6f1aba2..0f23a2bb5 100644
--- a/cli/tests/unit/http_test.ts
+++ b/cli/tests/unit/http_test.ts
@@ -67,6 +67,40 @@ unitTest({ permissions: { net: true } }, async function httpServerBasic() {
   await promise;
 });
 
+unitTest(
+  { permissions: { net: true } },
+  async function httpServerGetRequestBody() {
+    const promise = (async () => {
+      const listener = Deno.listen({ port: 4501 });
+      const conn = await listener.accept();
+      listener.close();
+      const httpConn = Deno.serveHttp(conn);
+      const e = await httpConn.nextRequest();
+      assert(e);
+      const { request, respondWith } = e;
+      assertEquals(request.body, null);
+      await respondWith(new Response("", { headers: {} }));
+      httpConn.close();
+    })();
+
+    const conn = await Deno.connect({ port: 4501 });
+    // Send GET request with a body + content-length.
+    const encoder = new TextEncoder();
+    const body =
+      `GET / HTTP/1.1\r\nHost: 127.0.0.1:4501\r\nContent-Length: 5\r\n\r\n12345`;
+    const writeResult = await conn.write(encoder.encode(body));
+    assertEquals(body.length, writeResult);
+
+    const resp = new Uint8Array(200);
+    const readResult = await conn.read(resp);
+    assertEquals(readResult, 115);
+
+    conn.close();
+
+    await promise;
+  },
+);
+
 unitTest(
   { permissions: { net: true } },
   async function httpServerStreamResponse() {
-- 
cgit v1.2.3