Return "431 Request Header Fields Too Large" for long headers on HTTP/1 #4655
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Motivation: Netty HTTP/1 codec raises `TooLongHttpHeaderException` if headers exceed the max length limit. However, `Http1RequestDecoder` does not take account into `TooLongHttpLineException` and returns "400 Bad Request" instead. Modifications: - Make `Http1RequestDecoder` return `431 Request Header Fields Too Large` if a Netty HttpRequest fails with `TooLongHttpHeaderException` Result: - "431 Request Header Fields Too Large" is now returned instead of `400 Bad Request` if the size of header exceeds `ServerBuilder.http1MaxHeaderSize()`. - Fixes line#4609
jrhee17
approved these changes
Feb 8, 2023
| @@ -151,6 +152,9 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception | |||
| final Throwable cause = nettyReq.decoderResult().cause(); | |||
| if (cause instanceof TooLongHttpLineException) { | |||
| fail(id, null, HttpStatus.REQUEST_URI_TOO_LONG, "Too Long URI", cause); | |||
| } else if (cause instanceof TooLongHttpHeaderException) { | |||
There was a problem hiding this comment.
double checked that TooLongHttpHeaderException is not related to TooLongHttpLineException, so it doesn't matter which if statement is checked first 👍
| @@ -151,6 +152,9 @@ public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception | |||
| final Throwable cause = nettyReq.decoderResult().cause(); | |||
| if (cause instanceof TooLongHttpLineException) { | |||
| fail(id, null, HttpStatus.REQUEST_URI_TOO_LONG, "Too Long URI", cause); | |||
| } else if (cause instanceof TooLongHttpHeaderException) { | |||
| fail(id, null, HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE, "Too Long Header Fields", | |||
There was a problem hiding this comment.
How about just using the default message for the http status?
Suggested change
| fail(id, null, HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE, "Too Long Header Fields", | |
| fail(id, null, HttpStatus.REQUEST_HEADER_FIELDS_TOO_LARGE, "Request Header Fields Too Large", |
|
Thanks @ikhoon ! 🙇 👍 🙇 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation:
Netty HTTP/1 codec raises
TooLongHttpHeaderExceptionif headers exceed the max length limit. However,Http1RequestDecoderdoes not take account intoTooLongHttpLineExceptionand returns "400 Bad Request" instead.Modifications:
Http1RequestDecoderreturn431 Request Header Fields Too Largeif a Netty HttpRequest fails withTooLongHttpHeaderExceptionResult:
431 Request Header Fields Too Largeis now returned instead of400 Bad Requestif the size of headers exceedsServerBuilder.http1MaxHeaderSize().