Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #76204: CONNECT method is partially supported #3220

Closed
wants to merge 1 commit into from

Conversation

@cmb69
Copy link
Contributor

cmb69 commented Apr 18, 2018

The built-in Webserver recognizes the CONNECT method, but does not
handle it in any way. Since support for HTTP tunneling is out of scope
for the built-in Webserver, we unrecognize the verb, which results in
an "HTTP/1.1 501 Not Implemented" response.

The built-in Webserver recognizes the CONNECT method, but does not
handle it in any way.  Since support for HTTP tunneling is out of scope
for the built-in Webserver, we unrecognize the verb, which results in
an "HTTP/1.1 501 Not Implemented" response.
@cmb69

This comment has been minimized.

Copy link
Contributor Author

cmb69 commented Apr 18, 2018

We should also have a closer look at the other "pathological" methods.

@nikic

This comment has been minimized.

Copy link
Member

nikic commented Apr 26, 2018

Is there any way in which the application code could still manually support this?

I think based on previous discussions our consensus was basically that we want to move towards not validating methods at all and let the application decide, and this PR would go in the opposite direction.

@cmb69

This comment has been minimized.

Copy link
Contributor Author

cmb69 commented Apr 26, 2018

Is there any way in which the application code could still manually support this?

It might somehow be possible that a router script supports the CONNECT method, so the built-in webserver could be used as proxy, but I can't see why anybody would use the built-in webserver as proxy in the first place, since that likely would require that the router script has to do all the work except for parsing the request.

OTOH, responding with 501 might still enable the requesting application to deal with it.

@cmb69

This comment has been minimized.

Copy link
Contributor Author

cmb69 commented Sep 3, 2018

Well, I guess that we should have an RFC regarding which HTTP methods we want to support. At least presently, I don't have the time for this, so I'm closing this PR for now.

@cmb69 cmb69 closed this Sep 3, 2018
@cmb69 cmb69 deleted the cmb69:bug-76204 branch Sep 3, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
2 participants
You can’t perform that action at this time.