Issue #7250 - Correct HostHeaderCustomizer logic and add new RejectMissingAuthorityCustomizer
#7292
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
+ Fixes HostHeaderCustomizer to only do Host header on non-HTTP/1.1 + Introduces RejectMissingAuthorityCustomizer + Adds modules + xml for both Signed-off-by: Joakim Erdfelt <[email protected]>
joakime
changed the title
HostHeaderCustomizer logic and add new RejectMissingAuthorityCustomizer
joakime
added
Specification
gregw
requested changes
Dec 16, 2021
Comment on lines
+69
to
+83
| String hostHeaderValue = request.getHeader("Host"); | ||
|
|
||
| // No Host Header | ||
| if (request.getHttpVersion().getVersion() != HttpVersion.HTTP_1_1.getVersion() && | ||
| hostHeaderValue == null) | ||
| { | ||
| if (request.getHttpURI().isAbsolute()) | ||
| { | ||
| request.getHttpFields().put(HttpHeader.HOST, request.getHttpURI().getAuthority()); | ||
| } | ||
| else | ||
| { | ||
| request.getHttpFields().put(HttpHeader.HOST, hostValue); | ||
| } | ||
| } |
There was a problem hiding this comment.
Since getHeader is a linear lookup, it is best to avoid doing it if possible, and then to use efficient non string lookup:
Suggested change
| String hostHeaderValue = request.getHeader("Host"); | |
| // No Host Header | |
| if (request.getHttpVersion().getVersion() != HttpVersion.HTTP_1_1.getVersion() && | |
| hostHeaderValue == null) | |
| { | |
| if (request.getHttpURI().isAbsolute()) | |
| { | |
| request.getHttpFields().put(HttpHeader.HOST, request.getHttpURI().getAuthority()); | |
| } | |
| else | |
| { | |
| request.getHttpFields().put(HttpHeader.HOST, hostValue); | |
| } | |
| } | |
| // If not 1.1 and no Host Header | |
| if (request.getHttpVersion().getVersion() != HttpVersion.HTTP_1_1.getVersion() && | |
| !request.getHttpFields().contains(HttpHeader.HOST)) | |
| { | |
| if (request.getHttpURI().isAbsolute()) | |
| { | |
| request.getHttpFields().put(HttpHeader.HOST, request.getHttpURI().getAuthority()); | |
| } | |
| else | |
| { | |
| request.getHttpFields().put(HttpHeader.HOST, hostValue); | |
| } | |
| } |
Comment on lines
+65
to
+80
| if (host != null) | ||
| { | ||
| if (!(host instanceof HostPortHttpField) && StringUtil.isNotBlank(host.getValue())) | ||
| { | ||
| return true; | ||
| } | ||
|
|
||
| if (host instanceof HostPortHttpField) | ||
| { | ||
| HostPortHttpField authority = (HostPortHttpField)host; | ||
| metadata.getURI().setAuthority(authority.getHost(), authority.getPort()); | ||
| if (StringUtil.isNotBlank(authority.getHost())) | ||
| return true; | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
I think this way reduces the number of tests in the hot path:
Suggested change
| if (host != null) | |
| { | |
| if (!(host instanceof HostPortHttpField) && StringUtil.isNotBlank(host.getValue())) | |
| { | |
| return true; | |
| } | |
| if (host instanceof HostPortHttpField) | |
| { | |
| HostPortHttpField authority = (HostPortHttpField)host; | |
| metadata.getURI().setAuthority(authority.getHost(), authority.getPort()); | |
| if (StringUtil.isNotBlank(authority.getHost())) | |
| return true; | |
| } | |
| } | |
| } | |
| if (host != null) | |
| if (host instanceof HostPortHttpField) | |
| { | |
| HostPortHttpField authority = (HostPortHttpField)host; | |
| metadata.getURI().setAuthority(authority.getHost(), authority.getPort()); | |
| if (StringUtil.isNotBlank(authority.getHost())) | |
| return true; | |
| } | |
| else if (host != null && StringUtil.isNotBlank(host.getValue())) | |
| { | |
| return true; | |
| } | |
| } |
|
@gregw would this be good for |
|
@gregw bump do you want to see this for |
|
Note keen on any changes to behaviour in jetty-9. Does the sponsor still require this? |
|
Nope. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a minimal version of the draft PR #7251
header on non-HTTP/1.1
Signed-off-by: Joakim Erdfelt [email protected]