-
Notifications
You must be signed in to change notification settings - Fork 108
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Client should verify response content-type #679
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -511,6 +511,21 @@ func (cc *connectUnaryClientConn) validateResponse(response *http.Response) *Err | |
} | ||
cc.responseTrailer[strings.TrimPrefix(k, connectUnaryTrailerPrefix)] = v | ||
} | ||
err := connectValidateUnaryResponseContentType( | ||
cc.marshaler.codec.Name(), | ||
cc.duplexCall.Method(), | ||
response.StatusCode, | ||
response.Status, | ||
getHeaderCanonical(response.Header, headerContentType), | ||
) | ||
if err != nil { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Can we scope There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I had not done so just because I find it a bit hard to read when the |
||
if IsNotModifiedError(err) { | ||
// Allow access to response headers for this kind of error. | ||
// RFC 9110 doesn't allow trailers on 304s, so we only need to include headers. | ||
err.meta = cc.responseHeader.Clone() | ||
} | ||
return err | ||
} | ||
compression := getHeaderCanonical(response.Header, connectUnaryHeaderCompression) | ||
if compression != "" && | ||
compression != compressionIdentity && | ||
|
@@ -522,12 +537,7 @@ func (cc *connectUnaryClientConn) validateResponse(response *http.Response) *Err | |
cc.compressionPools.CommaSeparatedNames(), | ||
) | ||
} | ||
if response.StatusCode == http.StatusNotModified && cc.Spec().IdempotencyLevel == IdempotencyNoSideEffects { | ||
serverErr := NewWireError(CodeUnknown, errNotModifiedClient) | ||
// RFC 9110 doesn't allow trailers on 304s, so we only need to include headers. | ||
serverErr.meta = cc.responseHeader.Clone() | ||
return serverErr | ||
} else if response.StatusCode != http.StatusOK { | ||
if response.StatusCode != http.StatusOK { | ||
unmarshaler := connectUnaryUnmarshaler{ | ||
reader: response.Body, | ||
compressionPool: cc.compressionPools.Get(compression), | ||
|
@@ -643,6 +653,14 @@ func (cc *connectStreamingClientConn) validateResponse(response *http.Response) | |
if response.StatusCode != http.StatusOK { | ||
return errorf(connectHTTPToCode(response.StatusCode), "HTTP status %v", response.Status) | ||
} | ||
err := connectValidateStreamResponseContentType( | ||
cc.codec.Name(), | ||
cc.spec.StreamType, | ||
getHeaderCanonical(response.Header, headerContentType), | ||
) | ||
if err != nil { | ||
return err | ||
} | ||
compression := getHeaderCanonical(response.Header, connectStreamingHeaderCompression) | ||
if compression != "" && | ||
compression != compressionIdentity && | ||
|
@@ -1324,3 +1342,64 @@ func queryValueReader(data string, base64Encoded bool) io.Reader { | |
} | ||
return strings.NewReader(data) | ||
} | ||
|
||
func connectValidateUnaryResponseContentType( | ||
requestCodecName string, | ||
httpMethod string, | ||
statusCode int, | ||
statusMsg string, | ||
responseContentType string, | ||
) *Error { | ||
if statusCode != http.StatusOK { | ||
if statusCode == http.StatusNotModified && httpMethod == http.MethodGet { | ||
return NewWireError(CodeUnknown, errNotModifiedClient) | ||
} | ||
// Error responses must be JSON-encoded. | ||
if responseContentType == connectUnaryContentTypePrefix+codecNameJSON || | ||
responseContentType == connectUnaryContentTypePrefix+codecNameJSONCharsetUTF8 { | ||
return nil | ||
} | ||
return NewError( | ||
connectHTTPToCode(statusCode), | ||
errors.New(statusMsg), | ||
) | ||
} | ||
// Normal responses must have valid content-type that indicates same codec as the request. | ||
responseCodecName := connectCodecFromContentType( | ||
StreamTypeUnary, | ||
responseContentType, | ||
) | ||
if responseCodecName == requestCodecName { | ||
return nil | ||
} | ||
// HACK: We likely want a better way to handle the optional "charset" parameter | ||
// for application/json, instead of hard-coding. But this suffices for now. | ||
if (responseCodecName == codecNameJSON && requestCodecName == codecNameJSONCharsetUTF8) || | ||
(responseCodecName == codecNameJSONCharsetUTF8 && requestCodecName == codecNameJSON) { | ||
// Both are JSON | ||
return nil | ||
} | ||
return errorf( | ||
CodeInternal, | ||
"invalid content-type: %q; expecting %q", | ||
responseContentType, | ||
connectUnaryContentTypePrefix+requestCodecName, | ||
) | ||
} | ||
|
||
func connectValidateStreamResponseContentType(requestCodecName string, streamType StreamType, responseContentType string) *Error { | ||
// Responses must have valid content-type that indicates same codec as the request. | ||
responseCodecName := connectCodecFromContentType( | ||
streamType, | ||
responseContentType, | ||
) | ||
if responseCodecName != requestCodecName { | ||
return errorf( | ||
CodeInternal, | ||
"invalid content-type: %q; expecting %q", | ||
responseContentType, | ||
connectStreamingContentTypePrefix+requestCodecName, | ||
) | ||
} | ||
return nil | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this be moved into the validate response function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is. Do you mean inlined? I had made it a separate function to make it easier to test.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry misread, thought the method on the duplexcall was due to it not being part of this function, but thats for the request params.