Permalink
Browse files

Revert "Disable input buffering when 'Connection: Upgrade' header is …

…set."

This reverts commit df8d020.

After some thinking this is not a good idea. An attacker can abuse this
feature to disable input buffering, resulting in a DoS. It's probably
best to require explicit disabling of input buffering in the config.
  • Loading branch information...
1 parent df8d020 commit 6ddbb5534b14b0dd8e7f5429608fd7700f7caeea @FooBarWidget FooBarWidget committed Apr 2, 2013
Showing with 0 additions and 10 deletions.
  1. +0 −10 ext/common/agents/HelperAgent/RequestHandler.h
@@ -1544,16 +1544,6 @@ class RequestHandler {
modified = true;
}
- /* If "Connection: Upgrade" then turn off input buffering. */
-
- if ((it = map.find("HTTP_CONNECTION")) != end) {
- if (it->second == "Upgrade" || it->second == "upgrade") {
- RH_TRACE(client, 2, "HTTP 'Connection: Upgrade' detected; disabling input buffering.");
- map["PASSENGER_BUFFERING"] = "false";
- modified = true;
- }
- }
-
return modified;
}

0 comments on commit 6ddbb55

Please sign in to comment.