Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non-handling of accept-encoding header when the value does not conform to the specification #3466

Closed
geoand opened this issue Mar 31, 2017 · 1 comment
Assignees
Milestone

Comments

@geoand
Copy link

@geoand geoand commented Mar 31, 2017

Greetings,

We have been successfully using Hapi.js (version 16.1.0 on Node 6.9.1 and Debian Jessie) in production for a while now.
Recently however we encountered strange entries in our logs. Specifically we started seeing a bunch of the following entries:

Error: Unknown encoding Error: Invalid accept-encoding header

After much digging we where able to reproduce the issue using the following curl command

POC and details removed by hapi contributor

It then seems like Hapi is using the Boom object as the actual encoding with ultimately makes the framework fail the following assertion (in lib/compression.js)

Hoek.assert(encoder !== undefined, `Unknown encoding ${encoding}`);

The end-result is that the client that initiated the (erroneous) request is left hanging, since the framework never responds.
Personally I don't care one bit about the client not receiving a response, however the fact that no response is produced results in various error logs in Internet-facing reverse proxies (in the form of timeouts).

I could create a PR that fixes this issue, but am hesitant to do so since I don't know what the behavior should be in this case.
Should the appropriate response be an HTTP 400 response, or something else (like using one of the correctly specified encodings)?
It seems to me however that the current (non-) handling of such erroneous requests is not the desired behavior.

Regards,
George

@geoand geoand changed the title Non-handling of accept-encoding header when the value does not conform to the regex Non-handling of accept-encoding header when the value does not conform to the spec-compliant regex Mar 31, 2017
@geoand geoand changed the title Non-handling of accept-encoding header when the value does not conform to the spec-compliant regex Non-handling of accept-encoding header when the value does not conform to the specification Mar 31, 2017
@hueniverse hueniverse self-assigned this Mar 31, 2017
@hueniverse hueniverse added the bug label Mar 31, 2017
@hueniverse hueniverse added this to the 16.1.1 milestone Mar 31, 2017
hueniverse added a commit that referenced this issue Mar 31, 2017
@geoand
Copy link
Author

@geoand geoand commented Apr 3, 2017

👍

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants