From e7fb6998327277c8e3f9eb6598c6997888e2983d Mon Sep 17 00:00:00 2001 From: John Benediktsson Date: Wed, 12 Oct 2011 20:21:16 -0700 Subject: [PATCH] http.server: ignore preceding whitespace before request lines. Fixes #252. --- basis/http/server/server-tests.factor | 24 ++++++++++++++++++++++++ basis/http/server/server.factor | 3 ++- 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/basis/http/server/server-tests.factor b/basis/http/server/server-tests.factor index f47662bc90..c37687b26a 100644 --- a/basis/http/server/server-tests.factor +++ b/basis/http/server/server-tests.factor @@ -29,6 +29,11 @@ IN: http.server.tests unparse-content-type ] unit-test + +! RFC 2616: Section 19.3 +! The line terminator for message-header fields is the sequence CRLF. +! However, we recommend that applications, when parsing such headers, +! recognize a single LF as a line terminator and ignore the leading CR. [ t ] [ { "GET / HTTP/1.1" @@ -38,3 +43,22 @@ IN: http.server.tests } [ "\n" join ] [ "\r\n" join ] bi [ [ read-request ] with-string-reader ] bi@ = ] unit-test + +! RFC 2616: Section 4.1 +! In the interest of robustness, servers SHOULD ignore any empty +! line(s) received where a Request-Line is expected. In other words, if +! the server is reading the protocol stream at the beginning of a +! message and receives a CRLF first, it should ignore the CRLF. +[ + T{ request + { method "GET" } + { url URL" /" } + { version "1.0" } + { header H{ } } + { cookies V{ } } + { redirects 10 } + } +] [ + "\r\n\r\n\r\nGET / HTTP/1.0\r\n\r\n" + [ read-request ] with-string-reader +] unit-test diff --git a/basis/http/server/server.factor b/basis/http/server/server.factor index 3f129fecdc..44ee5f06c3 100644 --- a/basis/http/server/server.factor +++ b/basis/http/server/server.factor @@ -37,7 +37,8 @@ IN: http.server dup path>> "/" head? [ "Bad request: URL" throw ] unless ; inline : read-request-line ( request -- request ) - read-?crlf parse-request-line first3 + read-?crlf [ dup empty? ] [ drop read-?crlf ] while + parse-request-line first3 [ >>method ] [ >url check-absolute >>url ] [ >>version ] tri* ; : read-request-header ( request -- request )