-
Notifications
You must be signed in to change notification settings - Fork 594
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add setting to control parsing of headers #1550
Comments
Thanks, @richdougherty for filing this ticket. We also thought about moving more of the header parsing out of the core to the higher levels. I guess for now (and for play's purposes) the simplest thing would be to add the simple boolean setting that disables header parsing for most headers (a few basic ones like |
…ng-for-most-headers +htc #1550 allow disabling of parsing to modeled headers
Fixed by #1577 which introduces a flag implementing the first option of adding a setting to disable parsing of all headers. |
Thanks @jrudolph! |
In Play 2.6 we switched from Netty to Akka HTTP as the default HTTP backend. This has led to a number of bugs because of the different way that Akka HTTP handles headers compared to Netty. Netty headers are raw string whereas Akka HTTP uses type-safe objects for many headers. These type safe objects are parsed from the underlying header values according to the their specification.
Type-safe headers are a good idea in principle but it runs into problems when:
Akka HTTP does make it possible to use
RawHeader
s. Play usesRawHeader
s for HTTP responses, but we can't useRawHeader
s when receiving requests, since the header objects are created internally by Akka HTTP inside the header parsing code.My suggestion is that we add a new setting to Akka HTTP to give Play (and other users) more control over how HTTP headers are parsed. Here are a few ideas for how a setting could work:
Boolean
setting that switches Akka HTTP into "raw" mode - all headers are parsed asRawHeader
s.String => Boolean
setting that maps header names to aBoolean
value, giving more fine-grained control over which headers can be parsed into typed headers and which should be parsed asRawHeader
s.HeaderParser => HeaderParser
(e.g. wheretype HeaderParser = (String, String) => Either[ErrorResult, HttpHeader]
) setting that allows the user to override the defaultHeaderParser
logic and patch their own logic in. This trivially allows replacing all headers withReadHeader
s. Users would also be able to continue to use typed headers and even alter the parsing logic for those headers if they need.The text was updated successfully, but these errors were encountered: