Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 7893:7a6afd584eb4
Disabled HTTP/1.0 requests with Transfer-Encoding.
The latest HTTP/1.1 draft describes Transfer-Encoding in HTTP/1.0 as having
potentially faulty message framing as that could have been forwarded without
handling of the chunked encoding, and forbids processing subsequest requests
over that connection: https://github.com/httpwg/http-core/issues/879.
While handling of such requests is permitted, the most secure approach seems
to reject them.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 09 Aug 2021 18:12:12 +0300 |
| parents | e0fdd75871e4 |
| children | 61abb35bb8cf fac88e160653 |
comparison
equal
deleted
inserted
replaced
| 7892:34a3a1a2d197 | 7893:7a6afd584eb4 |
|---|---|
| 1981 return NGX_ERROR; | 1981 return NGX_ERROR; |
| 1982 } | 1982 } |
| 1983 } | 1983 } |
| 1984 | 1984 |
| 1985 if (r->headers_in.transfer_encoding) { | 1985 if (r->headers_in.transfer_encoding) { |
| 1986 if (r->http_version < NGX_HTTP_VERSION_11) { | |
| 1987 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | |
| 1988 "client sent HTTP/1.0 request with " | |
| 1989 "\"Transfer-Encoding\" header"); | |
| 1990 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); | |
| 1991 return NGX_ERROR; | |
| 1992 } | |
| 1993 | |
| 1986 if (r->headers_in.transfer_encoding->value.len == 7 | 1994 if (r->headers_in.transfer_encoding->value.len == 7 |
| 1987 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, | 1995 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, |
| 1988 (u_char *) "chunked", 7) == 0) | 1996 (u_char *) "chunked", 7) == 0) |
| 1989 { | 1997 { |
| 1990 if (r->headers_in.content_length) { | 1998 if (r->headers_in.content_length) { |