nginx: src/http/ngx_http_request.c comparison

comparison src/http/ngx_http_request.c @ 7876:b290610bf812

Moved TRACE method rejection to a better place. Previously, TRACE requests were rejected before parsing Transfer-Encoding. This is not important since keepalive is not enabled at this point anyway, though rejecting such requests after properly parsing other headers is less likely to cause issues in case of further code changes.

author	Maxim Dounin <mdounin@mdounin.ru>
date	Mon, 28 Jun 2021 18:01:00 +0300
parents	5f765427c17a
children	63c66b7cc07c

comparison

equal deleted inserted replaced

-:0c5e84096d99
+:b290610bf812
 ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
 return NGX_ERROR;
 }
 }
-if (r->method == NGX_HTTP_TRACE) {
-ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
-"client sent TRACE method");
-ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
-return NGX_ERROR;
-}
 if (r->headers_in.transfer_encoding) {
 if (r->headers_in.transfer_encoding->value.len == 7
 && ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
 (u_char *) "chunked", 7) == 0)
 {
 if (r->headers_in.keep_alive) {
 r->headers_in.keep_alive_n =
 ngx_atotm(r->headers_in.keep_alive->value.data,
 r->headers_in.keep_alive->value.len);
 }
+}
+if (r->method == NGX_HTTP_TRACE) {
+ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+"client sent TRACE method");
+ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+return NGX_ERROR;
 }
 return NGX_OK;
 }

Mercurial > hg > nginx

comparison src/http/ngx_http_request.c @ 7876:b290610bf812