From 632fbd7734e4c0662a1673b537def5fe474dece2 Mon Sep 17 00:00:00 2001
From: Vincent LE GOFF
Date: Thu, 23 May 2019 17:59:34 +0200
Subject: http: fix content-length checking (denoland/deno_std#437)
Original: https://github.com/denoland/deno_std/commit/ce4e3ccdc3f9838d2f286007fa55cf5064a93f44
---
 http/server.ts | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'http/server.ts')
diff --git a/http/server.ts b/http/server.ts
index b49e23b15..baccaacfb 100644
--- a/http/server.ts
+++ b/http/server.ts
@@ -196,6 +196,25 @@ export class ServerRequest {
 }
 }
 
+function fixLength(req: ServerRequest): void {
+ const contentLength = req.headers.get("Content-Length");
+ if (contentLength) {
+ const arrClen = contentLength.split(",");
+ if (arrClen.length > 1) {
+ const distinct = [...new Set(arrClen.map((e): string => e.trim()))];
+ if (distinct.length > 1) {
+ throw Error("cannot contain multiple Content-Length headers");
+ } else {
+ req.headers.set("Content-Length", distinct[0]);
+ }
+ }
+ const c = req.headers.get("Content-Length");
+ if (req.method === "HEAD" && c && c !== "0") {
+ throw Error("http: method cannot contain a Content-Length");
+ }
+ }
+}
+
 export async function readRequest(
 bufr: BufReader
 ): Promise<[ServerRequest, BufState]> {
@@ -211,6 +230,11 @@ export async function readRequest(
 }
 [req.method, req.url, req.proto] = firstLine.split(" ", 3);
 [req.headers, err] = await tp.readMIMEHeader();
+ fixLength(req);
+ // TODO(zekth) : add parsing of headers eg:
+ // rfc: https://tools.ietf.org/html/rfc7230#section-3.3.2
+ // A sender MUST NOT send a Content-Length header field in any message
+ // that contains a Transfer-Encoding header field.
 return [req, err];
 }
 
-- 
cgit v1.2.3
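Review bot: Nothing in fixLength checks that the Content-Length value is a plain run of decimal digits: a lone value skips the `split(",")` branch untouched, and a repeated non-numeric value collapses to one copy and is written back by `req.headers.set`. A server and a proxy in front of it that read such a value differently disagree on where the body ends, which is the condition request smuggling depends on, so I would reject anything else right after `c` is read, e.g. `if (c && !/^\d+$/.test(c.trim())) throw Error("http: invalid Content-Length");` (message text constructed here). The first throw's message would also be easier to trace in logs with the `http:` prefix the second one uses.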
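Review bot: The `fixLength(req)` call in readRequest runs before `err` from `tp.readMIMEHeader()` is looked at, and a throw from it rejects the promise instead of travelling through the `[req, err]` tuple the function otherwise returns. Both throw conditions are decided by what a remote client sends, so the caller, which is outside this hunk, has to catch the rejection and answer with a 400 rather than let it surface as an unhandled error; alternatively catch it here and report it through `err`, if BufState can carry an Error. The TODO deserves a tracked issue as well: until a request carrying both Transfer-Encoding and Content-Length is rejected or normalised, the check covers only part of RFC 7230 section 3.3.2. readRequest's body starts outside the hunk.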