Skip to content

Allow setting custom headers on client #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 16, 2021
Merged

Allow setting custom headers on client #47

merged 2 commits into from
Sep 16, 2021
+16 −10

Conversation

717a56e1
Copy link

No description provided.

@717a56e1 717a56e1 mentioned this pull request Sep 14, 2021
Closed
@dvdplm dvdplm requested review from maciejhirsz and jsdw September 14, 2021 16:16
jsdw
jsdw reviewed Sep 14, 2021
View reviewed changes
src/handshake/client.rs
self.buffer.extend_from_slice(b"\r\n");
self.buffer.extend_from_slice(h.name.as_bytes());
self.buffer.extend_from_slice(b": ");
self.buffer.extend_from_slice(h.value);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm just wondering here; should we do anything about custom header values possibly containing newlines and such, or perhaps add a comment somewhere to note that we shouldn't accept untrusted input or something?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, now I read it more, I can see that they probably are sanitzed via httparse!

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with adding a note since it takes a slice of a type with public fields.
I.e. I had jsonrpsee with

	pub fn custom_header(mut self, name: &'a str, value: &'a [u8]) -> Self {
		self.headers.push(Header{name, value});
		self
	}

which essentially doesn't perform any checks. I'm a big fan of http's HeaderMap, both for performance and for its' clean API. Requires a bit more space for the construction of the map, however.

@jsdw jsdw self-requested a review September 15, 2021 08:40
@jsdw
Copy link
Contributor

jsdw commented Sep 15, 2021

I had a think about this, and looked at https://datatracker.ietf.org/doc/html/rfc7230#section-3.2 and at how httparse parses header values (https://docs.rs/httparse/1.5.1/src/httparse/lib.rs.html#673). It's a shame that httparse doesn't really expose a way to check header names/values individually for validity.

With that in mind, I think it's best to keep it simple here, and just stick a warning on set_headers that states that it's the callers responsibility to provide valid header names and values that don't conflict with those generated internally.

If that was done, I'd be happy with this. I can see that it could be useful to return some custom details to a client, so the PR makes sense to me!

niklasad1
niklasad1 reviewed Sep 15, 2021
View reviewed changes
src/handshake/client.rs
pub fn set_origin(&mut self, o: &'a str) -> &mut Self {
self.origin = Some(o);
/// Set connection headers to a slice.
pub fn set_headers(&mut self, h: &'a [Header]) -> &mut Self {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we re-export httparse::Header as this is now exposed in the public API?

maciejhirsz
maciejhirsz reviewed Sep 15, 2021
View reviewed changes
Copy link
Contributor

@maciejhirsz maciejhirsz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on re-exporting the Header from httparse. We could do some validation on headers in debug mode, but I'm also not sure it's all that necessary. We could provide an enum with all commonly used header names, but that still leaves the values to be open to potentially arbitrary sanitized values.

@717a56e1
Copy link
Author

717a56e1 commented Sep 15, 2021
edited
Loading

@maciejhirsz I think it's cleanest to leave that up to consuming implementations. We're capping the number of headers the server will take at 32 so the linear scan

soketto/src/handshake.rs

Line 62 in 4ec22f2

fn with_first_header<'a, F, R>(headers: &[httparse::Header<'a>], name: &str, f: F) -> Result<R, Error>
doesn't hurt.

@dvdplm dvdplm merged commit bda411b into paritytech:develop Sep 16, 2021
This was referenced Sep 29, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maciejhirsz maciejhirsz

@niklasad1 niklasad1

@dvdplm dvdplm

@jsdw jsdw

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@717a56e1 @jsdw @dvdplm @maciejhirsz @niklasad1 @v-23