moonbridge
changeset 10:7e6faff049c3
Removed request.url; String in request.path does not contain a leading slash anymore; Stricter parsing of request targets
author | jbe |
---|---|
date | Thu Jan 29 16:07:56 2015 +0100 (2015-01-29) |
parents | 757902555204 |
children | 0c951f8ee92b |
files | example_application.lua moonbridge_http.lua reference.txt |
line diff
1.1 --- a/example_application.lua Thu Jan 29 15:14:58 2015 +0100 1.2 +++ b/example_application.lua Thu Jan 29 16:07:56 2015 +0100 1.3 @@ -61,14 +61,14 @@ 1.4 1.5 if request.method == "GET" or request.method == "HEAD" then 1.6 1.7 - if request.path == "/" then 1.8 + if request.path == "" then 1.9 request:send_status("303 See Other") 1.10 request:send_header("Location", "http://" .. request.headers_value.host .. "/example_webpage.html") 1.11 1.12 else 1.13 - local document_name = string.match(request.path, "^/(.*)$") 1.14 + local document_name = request.path 1.15 local document_extension = string.match(document_name, "%.([^.])$") 1.16 - local document = documents[string.match(request.path, "^/(.*)$")] 1.17 + local document = documents[document_name] 1.18 if document then 1.19 request:send_status("200 OK") 1.20 1.21 @@ -88,7 +88,7 @@ 1.22 1.23 elseif request.method == "POST" then 1.24 1.25 - if request.path == "/post_example" then 1.26 + if request.path == "post_example" then 1.27 local files = {} 1.28 do 1.29 local file
2.1 --- a/moonbridge_http.lua Thu Jan 29 15:14:58 2015 +0100 2.2 +++ b/moonbridge_http.lua Thu Jan 29 16:07:56 2015 +0100 2.3 @@ -804,8 +804,8 @@ 2.4 if remaining_header_size_limit == 0 then 2.5 return error_response("413 Request Entity Too Large", "Request line too long") 2.6 end 2.7 - local proto 2.8 - request.method, request.target, proto = 2.9 + local target, proto 2.10 + request.method, target, proto = 2.11 line:match("^([^ \t\r]+)[ \t]+([^ \t\r]+)[ \t]*([^ \t\r]*)[ \t]*\r?\n$") 2.12 if not request.method then 2.13 return error_response("400 Bad Request") 2.14 @@ -865,20 +865,22 @@ 2.15 return error_response("417 Expectation Failed", "Unexpected Expect header") 2.16 end 2.17 end 2.18 + -- get mandatory Host header according to RFC 7230: 2.19 + request.host = request.headers_value["Host"] 2.20 + if not request.host then 2.21 + return error_response("400 Bad Request", "No valid host header") 2.22 + end 2.23 -- parse request target: 2.24 - request.path, request.query = string.match(request.target, "^(/[^?]*)%??(.*)$") 2.25 - if request.path then 2.26 - request.host = request.headers_value["Host"] 2.27 - if not request.host then 2.28 - return error_response("400 Bad Request", "No valid host header") 2.29 - end 2.30 - else 2.31 - request.host, request.path, request.query = string.match(request.target, "^[Hh][Tt][Tt][Pp]://([^/?]+)/?([^?]*)%??(.*)$") 2.32 - if request.host then 2.33 - if request.host ~= request.headers_value["Host"] then 2.34 + request.path, request.query = string.match(target, "^/([^?]*)%??(.*)$") 2.35 + if not request.path then 2.36 + local host2 2.37 + host2, request.path, request.query = string.match(target, "^[Hh][Tt][Tt][Pp]://([^/?]+)/?([^?]*)%??(.*)$") 2.38 + if host2 then 2.39 + if request.host ~= host2 then 2.40 return error_response("400 Bad Request", "No valid host header") 2.41 end 2.42 - request.path = "/" .. request.path 2.43 + elseif not (target == "*" and request.method == "OPTIONS") then 2.44 + return error_response("400 Bad Request", "Invalid request target") 2.45 end 2.46 end 2.47 -- parse GET params:
3.1 --- a/reference.txt Thu Jan 29 15:14:58 2015 +0100 3.2 +++ b/reference.txt Thu Jan 29 16:07:56 2015 +0100 3.3 @@ -268,8 +268,13 @@ 3.4 3.5 ### request.path 3.6 3.7 -The requested path, e.g. "/index.html", without the query part (that starts 3.8 -with a question mark, see request.query and request.url). 3.9 +The requested path without a leading slash and without the query part (e.g. 3.10 +"index.html" if "/index.html?a=b&c=d" has been requested). For the query part, 3.11 +see request.query. 3.12 + 3.13 +This value will be nil if (and only if) the request method is "OPTIONS" with a 3.14 +request target equal to "*" (see also asterisk-form of request-target in 3.15 +section 5.3.4 in RFC 7230). 3.16 3.17 3.18 ### request.post_metadata 3.19 @@ -300,9 +305,15 @@ 3.20 3.21 ### request.query 3.22 3.23 -Query part of request path without the leading question mark, e.g. "a=b&c=d" if 3.24 -request.path is "index.html?a=b&c=d". The data is automatically parsed and made 3.25 -available through request.get_params and request.get_params_list. 3.26 +Query part of the request target without the leading question mark, e.g. 3.27 +"a=b&c=d" if the requested target is "/index.html?a=b&c=d". The data is 3.28 +automatically parsed and made available through request.get_params and 3.29 +request.get_params_list. 3.30 + 3.31 +If there is no query part given in the request target, then this string is 3.32 +the empty string. This value will be nil if (and only if) the request method 3.33 +is "OPTIONS" with a request target equal to "*" (see also asterisk-form of 3.34 +request-target in section 5.3.4 in RFC 7230). 3.35 3.36 3.37 ### request:process_request_body() 3.38 @@ -403,9 +414,3 @@ 3.39 given. 3.40 3.41 3.42 -### request.url 3.43 - 3.44 -The requested URL. This value is automatically split up into request.path and 3.45 -request.query using the question mark as delimiter. The 3.46 - 3.47 -