Added small hacks to work around tests disabled by #1630 #1862
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmpetroff
force-pushed
the
dp-1630-h2-host-processing
branch
from
0453105
to
de8d891
Compare
dmpetroff
force-pushed
the
dp-1630-h2-host-processing
branch
2 times, most recently
from
bc27332
to
a54930c
Compare
krizhanovsky
requested changes
Apr 18, 2023
dmpetroff
force-pushed
the
dp-1630-h2-host-processing
branch
from
60b42f0
to
f4e58d3
Compare
krizhanovsky
requested changes
Apr 24, 2023
| return TFW_STR_EMPTY(&authority) || TFW_STR_EMPTY(&host) | ||
| || tfw_strcmp(&authority, &host) == 0; | ||
| } | ||
|
|
There was a problem hiding this comment.
Let's do these validations in extract_req_host():
tfw_http_req_process()is already too big- there is no sense to check the request version twice and spread the logic among many places (we already have the frang check)
const-t
requested changes
Apr 26, 2023
krizhanovsky
requested changes
Apr 27, 2023
There was a problem hiding this comment.
There are still couple of not addressed comments and couple of a new comments to fix.
The logic looks good for me and I'd vote to fix it in the wiki (@const-t approve is required though).
dmpetroff
force-pushed
the
dp-1630-h2-host-processing
branch
from
e722ea3
to
5dde7e8
Compare
const-t
reviewed
Apr 28, 2023
fw/http_limits.c
Outdated
Comment on lines
688
to
689
| " from Host header", | ||
| &FRANG_ACC2CLI(ra)->addr, "\n"); |
There was a problem hiding this comment.
&FRANG_ACC2CLI(ra)->addr not properly aligned. Also we may do not break string argument even if it wider than 80.
const-t
reviewed
May 1, 2023
fw/http_limits.c
Outdated
Comment on lines
686
to
688
| frang_msg("Request host from absolute URI differs" | ||
| " from Host header", | ||
| &FRANG_ACC2CLI(ra)->addr, "\n"); |
There was a problem hiding this comment.
Suggested change
| frang_msg("Request host from absolute URI differs" | |
| " from Host header", | |
| &FRANG_ACC2CLI(ra)->addr, "\n"); | |
| frang_msg("Request host from absolute URI differs" | |
| " from Host header", | |
| &FRANG_ACC2CLI(ra)->addr, "\n"); |
krizhanovsky
reviewed
May 4, 2023
| @@ -1025,7 +1025,7 @@ | |||
| # http_header_cnt NUM; | |||
| # http_header_chunk_cnt NUM; | |||
| # http_body_chunk_cnt NUM; | |||
| # http_host_required true|false; | |||
| # http_strict_host_checking true|false; | |||
There was a problem hiding this comment.
Please fix all the Wiki docs by
tempesta.wiki$ grep http_host_required *
HTTP-security.md:`http_host_required [true|false]`
HTTP-security.md~:`http_host_required [true|false]`
HTTP-security.md.orig:`http_host_required [true|false]`
grep: scripts: Is a directory
grep: _static: Is a directory
grep: _templates: Is a directory
Vhost-Confusion.md: http_host_required;
Virtual-hosts-and-locations.md:* http_host_required
const-t
approved these changes
May 5, 2023
| * HTTP/2 because it cannot have an absolute URI. | ||
| * Also this MUST be removed after #1870 is complete*/ | ||
| if (test_bit(TFW_HTTP_B_ABSOLUTE_URI, req->flags)) { | ||
| TfwStr host; |
There was a problem hiding this comment.
Please add new line after host declaration.
dmpetroff
force-pushed
the
dp-1630-h2-host-processing
branch
from
ba0d303
to
03f9d96
Compare
added 22 commits
May 10, 2023 17:17
- fixed panic when host/authority headers are empty - moved absolute uri/host headers equality check to frang
dmpetroff
force-pushed
the
dp-1630-h2-host-processing
branch
from
eb3c9b9
to
ea83be6
Compare
This was referenced May 11, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current (27.04.2023) state of PR:
req->hostakapicked_authorityis selected from request data in the following priority:absoluteURI(HTTP/1.1 and earlier versions):authorityheader (HTTP/2)Hostheader (all version)req->hostis now used for cache key calculation.Hard-coded checks (
check_authority_correctness()):Hostheader MUST be present even when request comes in form of an absolute-URI (HTTP/1.1)Frang check had been update accordingly:
:authority == Host(HTTP/2) or (host_from_absolute_uri == Host) (HTTP/1.1)host_from_forwarded_header == picked_authority(both HTTP/1.1 and HTTP/2)