Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add setting to control parsing of headers #1550

Closed
richdougherty opened this issue Nov 24, 2017 · 3 comments
Closed

Add setting to control parsing of headers #1550

richdougherty opened this issue Nov 24, 2017 · 3 comments
Labels
play-akka-http-integration t:core Issues related to the akka-http-core module t:http:client t:server Issues related to the HTTP server
Milestone
10.0.11

Comments

@richdougherty
Copy link
Contributor

In Play 2.6 we switched from Netty to Akka HTTP as the default HTTP backend. This has led to a number of bugs because of the different way that Akka HTTP handles headers compared to Netty. Netty headers are raw string whereas Akka HTTP uses type-safe objects for many headers. These type safe objects are parsed from the underlying header values according to the their specification.

Type-safe headers are a good idea in principle but it runs into problems when:

  1. Play users need to send/receive non-spec compliant headers (HTTP header 'Authorization: XXXXXXXX' is not allowed in responses playframework/playframework#7549)
  2. Akka HTTP isn't currently spec-compliant (Fix Content-Disposition filename handling playframework/playframework#7515, Illegal header: Illegal 'user-agent' playframework/playframework#7997, Incorrect Filename when downloading from Play 2.6 application Ask Question playframework/playframework#7501)
  3. Akka HTTP is spec compliant, but there is more than one way to be spec compliant and Play users need to send/receive headers in a specific way (Provide raw headers when using akka-http backend playframework/playframework#7737, Akka HTTP backend strips quotes out of link headers playframework/playframework#7733, Authorization header contents are modified (double-quotes are removed) #966, Support multipart Content-Type in results playframework/playframework#7498)

Akka HTTP does make it possible to use RawHeaders. Play uses RawHeaders for HTTP responses, but we can't use RawHeaders when receiving requests, since the header objects are created internally by Akka HTTP inside the header parsing code.

My suggestion is that we add a new setting to Akka HTTP to give Play (and other users) more control over how HTTP headers are parsed. Here are a few ideas for how a setting could work:

  1. A Boolean setting that switches Akka HTTP into "raw" mode - all headers are parsed as RawHeaders.
  2. A String => Boolean setting that maps header names to a Boolean value, giving more fine-grained control over which headers can be parsed into typed headers and which should be parsed as RawHeaders.
  3. A HeaderParser => HeaderParser (e.g. where type HeaderParser = (String, String) => Either[ErrorResult, HttpHeader]) setting that allows the user to override the default HeaderParser logic and patch their own logic in. This trivially allows replacing all headers with ReadHeaders. Users would also be able to continue to use typed headers and even alter the parsing logic for those headers if they need.
This was referenced Nov 24, 2017
Closed
Closed
Closed
Closed
@jrudolph
Copy link
Member

Thanks, @richdougherty for filing this ticket. We also thought about moving more of the header parsing out of the core to the higher levels. I guess for now (and for play's purposes) the simplest thing would be to add the simple boolean setting that disables header parsing for most headers (a few basic ones like Content-Length, Content-Type etc need to be parsed for consumption in the core).

@jrudolph jrudolph added 2 - pick next Used to mark issues which are next up in the queue to be worked on. The tag is non-binding play-akka-http-integration t:core Issues related to the akka-http-core module t:http:client t:server Issues related to the HTTP server 3 - in progress Someone is working on this ticket and removed 2 - pick next Used to mark issues which are next up in the queue to be worked on. The tag is non-binding labels Nov 29, 2017
jrudolph added a commit to jrudolph/akka-http that referenced this issue Nov 29, 2017
@jrudolph
+htc akka#1550 allow disabling of parsing to modeled headers
7eaa150
jrudolph added a commit to jrudolph/akka-http that referenced this issue Nov 29, 2017
@jrudolph
+htc akka#1550 allow disabling of parsing to modeled headers
f0aca4d
@johanandren johanandren mentioned this issue Nov 30, 2017
Merged
jrudolph added a commit that referenced this issue Nov 30, 2017
@jrudolph
Merge pull request #1577 from jrudolph/jr/w/1550-disable-header-parsi…
a365fdc 
…ng-for-most-headers

+htc #1550 allow disabling of parsing to modeled headers
@jrudolph jrudolph added this to the 10.0.11 milestone Nov 30, 2017
@jrudolph
Copy link
Member

Fixed by #1577 which introduces a flag implementing the first option of adding a setting to disable parsing of all headers.

@richdougherty
Copy link
Contributor Author

Thanks @jrudolph!

@ktoso ktoso removed the 3 - in progress Someone is working on this ticket label Dec 4, 2017
@richdougherty richdougherty mentioned this issue Jan 31, 2018
Closed
@arempter arempter mentioned this issue Jul 19, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
play-akka-http-integration t:core Issues related to the akka-http-core module t:http:client t:server Issues related to the HTTP server
Projects
None yet
Milestone
10.0.11
Development

No branches or pull requests
3 participants
@jrudolph @richdougherty @ktoso