summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_router.h
diff options
context:
space:
mode:
authorValentin Bartenev <vbart@nginx.com>2020-11-17 16:50:06 +0300
committerValentin Bartenev <vbart@nginx.com>2020-11-17 16:50:06 +0300
commitfb80502513bf0140c5e595714967f75ea3e1e5d3 (patch)
treeaaae048262ab410d3fad7912e1dcbaf233188b79 /src/nxt_router.h
parente7d66acda726490fb7b8da03f0d4788857918d5a (diff)
downloadunit-fb80502513bf0140c5e595714967f75ea3e1e5d3.tar.gz
unit-fb80502513bf0140c5e595714967f75ea3e1e5d3.tar.bz2
HTTP parser: allowed more characters in header field names.
Previously, all requests that contained in header field names characters other than alphanumeric, or "-", or "_" were rejected with a 400 "Bad Request" error response. Now, the parser allows the same set of characters as specified in RFC 7230, including: "!", "#", "$", "%", "&", "'", "*", "+", ".", "^", "`", "|", and "~". Header field names that contain only these characters are considered valid. Also, there's a new option introduced: "discard_unsafe_fields". It accepts boolean value and it is set to "true" by default. When this option is "true", all header field names that contain characters in valid range, but other than alphanumeric or "-" are skipped during parsing. When the option is "false", these header fields aren't skipped. Requests with non-valid characters in header field names according to RFC 7230 are rejected regardless of "discard_unsafe_fields" setting. This closes #422 issue on GitHub.
Diffstat (limited to '')
-rw-r--r--src/nxt_router.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/nxt_router.h b/src/nxt_router.h
index 512f1810..5804840f 100644
--- a/src/nxt_router.h
+++ b/src/nxt_router.h
@@ -191,6 +191,8 @@ typedef struct {
nxt_str_t body_temp_path;
+ uint8_t discard_unsafe_fields; /* 1 bit */
+
#if (NXT_TLS)
nxt_tls_conf_t *tls;
#endif