feat: Expose new lenient methods. (#246)

* feat: Expose new lenient methods. * fix: Added trailing semi.
nodejs · Sep 13, 2023 · ac66b89 · ac66b89
1 parent d3beef2
commit ac66b89
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -361,6 +361,8 @@ Normally `llhttp` would error when a CR is not followed by LF when terminating t
 request line, the status line, the headers or a chunk header.
 With this flag only a CR is required to terminate such sections.
 
+**Enabling this flag can pose a security issue since you will be exposed to request smuggling attacks. USE WITH CAUTION!**
+
 ### `void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled)`
 
 Enables/disables lenient handling of line separators.

diff --git a/src/native/api.h b/src/native/api.h
@@ -269,7 +269,7 @@ void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled);
  * avoid request smuggling.
  * With this flag the extra value will be parsed normally.
  *
- * **Enabling this flag can pose a security issue since you will be exposed to 
+ * **Enabling this flag can pose a security issue since you will be exposed to
  * request smuggling attacks. USE WITH CAUTION!**
  */
 LLHTTP_EXPORT
@@ -312,6 +312,19 @@ void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled);
 LLHTTP_EXPORT
 void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
 
+/*
+ * Enables/disables lenient handling of line separators.
+ *
+ * Normally `llhttp` would error when a LF is not preceded by CR when terminating the
+ * request line, the status line, the headers, a chunk header or a chunk data.
+ * With this flag only a LF is required to terminate such sections.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_optional_cr_before_lf(llhttp_t* parser, int enabled);
+
 /* Enables/disables lenient handling of chunks not separated via CRLF.
  *
  * Normally `llhttp` would error when after a chunk data a CRLF is missing before
@@ -324,6 +337,18 @@ void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled);
 LLHTTP_EXPORT
 void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled);
 
+/* Enables/disables lenient handling of spaces after chunk size.
+ *
+ * Normally `llhttp` would error when after a chunk size is followed by one or more
+ * spaces are present instead of a CRLF or `;`.
+ * With this flag this check is disabled.
+ *
+ * **Enabling this flag can pose a security issue since you will be exposed to
+ * request smuggling attacks. USE WITH CAUTION!**
+ */
+LLHTTP_EXPORT
+void llhttp_set_lenient_spaces_after_chunk_size(llhttp_t* parser, int enabled);
+
 #ifdef __cplusplus
 }  /* extern "C" */
 #endif