You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was writing a redirect from a login page but received a 404 not found, no matching route error. After some debugging it seems like iron/hyper parses the request body as the method of the next request.
To reproduce:
$ cat src/main.rs
extern crate iron;
extern crate router;
use iron::prelude::*;
struct ErrorHandler;
impl iron::AfterMiddleware for ErrorHandler {
fn catch(&self, req: &mut Request, err: IronError) -> IronResult<Response> {
println!("{:?}", req);
Err(err)
}
}
fn main() {
let mut router = router::Router::new();
router.get("/", |_req: &mut Request| Ok(iron::Response::with((iron::status::Ok, "ok"))), "index");
router.post("/login", |_req: &mut Request| {
let mut res = iron::Response::new();
res.headers.set(iron::headers::Location("/".to_string()));
res.set_mut(iron::status::SeeOther);
Ok(res)
}, "login");
let mut server = Chain::new(router);
server.link_after(ErrorHandler);
Iron::new(server).http("localhost:3000");
}
$ curl -v -L -d "foobar" http://localhost:3000/login
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 3000 (#0)
> POST /login HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Length: 6
> Content-Type: application/x-www-form-urlencoded>
* upload completely sent off: 6 out of 6 bytes
< HTTP/1.1 303 See Other
< Location: /
< Content-Length: 0
< Date: Mon, 05 Feb 2018 11:35:40 GMT
<
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:3000/'
* Disables POST, goes with GET
* Found bundle for host localhost: 0xb6b06240 [can pipeline]
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (127.0.0.1) port 3000 (#0)
> GET / HTTP/1.1
> Host: localhost:3000
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Length: 0
< Date: Mon, 05 Feb 2018 11:35:40 GMT
<
* Connection #0 to host localhost left intact
$ cargo run
Finished dev [unoptimized + debuginfo] target(s) in 13.78 secs
Running `target/debug/iron-bug`
Request {
url: Url { generic_url: "http://localhost:3000/" }
method: Extension("foobarGET")
remote_addr: V4(127.0.0.1:40435)
local_addr: V4(127.0.0.1:3000)
}
The "foobarGET" looks quite supicious. I guess I could fix it by adding code that reads all of the request body before I return a response, but I think this is a quite severe bug in iron or hyper and can result in other hard to find bugs.
The text was updated successfully, but these errors were encountered:
I was writing a redirect from a login page but received a 404 not found, no matching route error. After some debugging it seems like iron/hyper parses the request body as the method of the next request.
To reproduce:
The "foobarGET" looks quite supicious. I guess I could fix it by adding code that reads all of the request body before I return a response, but I think this is a quite severe bug in iron or hyper and can result in other hard to find bugs.
The text was updated successfully, but these errors were encountered: