Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 8420:2bf17a829ddc quic
Require ":authority" or "Host" in HTTP/3 and HTTP/2 requests.
Also, if both are present, require that they have the same value. These
requirements are specified in HTTP/3 draft 28.
Current implementation of HTTP/2 treats ":authority" and "Host"
interchangeably. New checks only make sure at least one of these values is
present in the request. A similar check existed earlier and was limited only
to HTTP/1.1 in 38c0898b6df7.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Fri, 29 May 2020 12:42:23 +0300 |
parents | 7995cd199b52 |
children | 833898b35b24 |
comparison
equal
deleted
inserted
replaced
8419:cb149fa03367 | 8420:2bf17a829ddc |
---|---|
2063 "client sent HTTP/1.1 request without \"Host\" header"); | 2063 "client sent HTTP/1.1 request without \"Host\" header"); |
2064 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | 2064 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); |
2065 return NGX_ERROR; | 2065 return NGX_ERROR; |
2066 } | 2066 } |
2067 | 2067 |
2068 if (r->http_version >= NGX_HTTP_VERSION_20) { | |
2069 if (r->headers_in.server.len == 0) { | |
2070 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | |
2071 "client sent HTTP request without " | |
2072 "\":authority\" or \"Host\" header"); | |
2073 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
2074 return NGX_ERROR; | |
2075 } | |
2076 | |
2077 if (r->headers_in.host) { | |
2078 if (r->headers_in.host->value.len != r->headers_in.server.len | |
2079 || ngx_memcmp(r->headers_in.host->value.data, | |
2080 r->headers_in.server.data, | |
2081 r->headers_in.server.len) | |
2082 != 0) | |
2083 { | |
2084 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | |
2085 "client sent HTTP request with different " | |
2086 "values of \":authority\" and \"Host\" headers"); | |
2087 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
2088 return NGX_ERROR; | |
2089 } | |
2090 } | |
2091 } | |
2092 | |
2068 if (r->headers_in.content_length) { | 2093 if (r->headers_in.content_length) { |
2069 r->headers_in.content_length_n = | 2094 r->headers_in.content_length_n = |
2070 ngx_atoof(r->headers_in.content_length->value.data, | 2095 ngx_atoof(r->headers_in.content_length->value.data, |
2071 r->headers_in.content_length->value.len); | 2096 r->headers_in.content_length->value.len); |
2072 | 2097 |