moonbridge

diff moonbridge_http.lua @ 10:7e6faff049c3

Removed request.url; String in request.path does not contain a leading slash anymore; Stricter parsing of request targets
author jbe
date Thu Jan 29 16:07:56 2015 +0100 (2015-01-29)
parents 4d7551c962d5
children 44a13f4b706f
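--- a/moonbridge_http.lua	Thu Jan 29 15:14:58 2015 +0100
+++ b/moonbridge_http.lua	Thu Jan 29 16:07:56 2015 +0100
@@ -804,8 +804,8 @@
       if remaining_header_size_limit == 0 then
         return error_response("413 Request Entity Too Large", "Request line too long")
       end
-      local proto
-      request.method, request.target, proto =
+      local target, proto
+      request.method, target, proto =
         line:match("^([^ \t\r]+)[ \t]+([^ \t\r]+)[ \t]*([^ \t\r]*)[ \t]*\r?\n$")
       if not request.method then
         return error_response("400 Bad Request")
@@ -865,20 +865,22 @@
             return error_response("417 Expectation Failed", "Unexpected Expect header")
           end
         end
+        -- get mandatory Host header according to RFC 7230:
+        request.host = request.headers_value["Host"]
+        if not request.host then
+          return error_response("400 Bad Request", "No valid host header")
+        end
         -- parse request target:
-        request.path, request.query = string.match(request.target, "^(/[^?]*)%??(.*)$")
-        if request.path then
-          request.host = request.headers_value["Host"]
-          if not request.host then
-            return error_response("400 Bad Request", "No valid host header")
-          end
-        else
-          request.host, request.path, request.query = string.match(request.target, "^[Hh][Tt][Tt][Pp]://([^/?]+)/?([^?]*)%??(.*)$")
-          if request.host then
-            if request.host ~= request.headers_value["Host"] then
+        request.path, request.query = string.match(target, "^/([^?]*)%??(.*)$")
+        if not request.path then
+          local host2
+          host2, request.path, request.query = string.match(target, "^[Hh][Tt][Tt][Pp]://([^/?]+)/?([^?]*)%??(.*)$")
+          if host2 then
+            if request.host ~= host2 then
               return error_response("400 Bad Request", "No valid host header")
             end
-            request.path = "/" .. request.path
+          elseif not (target == "*" and request.method == "OPTIONS") then
+            return error_response("400 Bad Request", "Invalid request target")
           end
         end
         -- parse GET params: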
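Review bot: The new origin-form pattern `^/([^?]*)%??(.*)$` strips exactly one slash, so a target that begins with two slashes still leaves `request.path` starting with `/`, and the `/?([^?]*)` part of the absolute-form pattern behaves the same way. A handler that trusts the commit's statement that the path has no leading slash and joins it onto a directory could therefore be handed an absolute path. Either reject such targets alongside the new "Invalid request target" branch, e.g. `if request.path and request.path:find("^/") then return error_response("400 Bad Request", "Invalid request target") end`, or add a comment at `-- parse request target:` stating that `request.path` is neither normalised nor guaranteed to be relative. Separately, for `OPTIONS *` both `request.path` and `request.query` remain nil, so the GET-parameter parsing that follows the hunk (not visible here) has to tolerate nil. The enclosing function starts and ends outside the hunk.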
