Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Revert "Disable input buffering when 'Connection: Upgrade' header is …

…set."

This reverts commit df8d020.

After some thinking this is not a good idea. An attacker can abuse this
feature to disable input buffering, resulting in a DoS. It's probably
best to require explicit disabling of input buffering in the config.
  • Loading branch information...
commit 6ddbb5534b14b0dd8e7f5429608fd7700f7caeea 1 parent df8d020
@FooBarWidget FooBarWidget authored
Showing with 0 additions and 10 deletions.
  1. +0 −10 ext/common/agents/HelperAgent/RequestHandler.h
View
10 ext/common/agents/HelperAgent/RequestHandler.h
@@ -1544,16 +1544,6 @@ class RequestHandler {
modified = true;
}
- /* If "Connection: Upgrade" then turn off input buffering. */
-
- if ((it = map.find("HTTP_CONNECTION")) != end) {
- if (it->second == "Upgrade" || it->second == "upgrade") {
- RH_TRACE(client, 2, "HTTP 'Connection: Upgrade' detected; disabling input buffering.");
- map["PASSENGER_BUFFERING"] = "false";
- modified = true;
- }
- }
-
return modified;
}
Please sign in to comment.
Something went wrong with that request. Please try again.