walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Validate :path on SPDY frontend 

Unless method is CONNECT, we require that :path starts with "/",
except for OPTIONS method, which can take "*" as :path (server-wide
OPTIONS request).
This commit is contained in:
Tatsuhiro Tsujikawa 2015-06-16 00:09:22 +09:00
parent d2e81da9e2
commit 5b51320dc5
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/shrpx_spdy_upstream.cc
View File

@ -215,6 +215,14 @@ void on_ctrl_recv_callback(spdylay_session *session, spdylay_frame_type type,
return;
}
// For other than CONNECT method, path must start with "/", except
// for OPTIONS method, which can take "*" as path.
if (!is_connect && path->value[0] != '/' &&
(method_token != HTTP_OPTIONS || path->value != "*")) {
upstream->rst_stream(downstream, SPDYLAY_PROTOCOL_ERROR);
return;
}
downstream->set_request_method(method_token);
if (is_connect) {
downstream->set_request_http2_authority(path->value);