Implement RFC-7230 section 5.3.3 #66
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -88,16 +88,29 @@ private void writeTo(OutputStream outputStream, boolean newLine) throws IOExcept | |
| outputStream.write(method.getBytes(StandardCharsets.US_ASCII)); | ||
| outputStream.write(' '); | ||
|
|
||
| //RFC-7230 section 5.3.3 | ||
| if ("CONNECT".equalsIgnoreCase(method)) { | ||
| String host = uri.getHost(); | ||
| int port = uri.getPort(); | ||
| assert host != null : "Host is missing from RequestLine uri"; | ||
|
There was a problem hiding this comment. I noticed this library does not use asserts or throws, so curious to hear what the suggestion is here. https://datatracker.ietf.org/doc/html/rfc7230#section-5.3.3 seems to require host to be provided in a CONNECT case There was a problem hiding this comment. host can be null here. The There was a problem hiding this comment. Oh, you're about this: In this case, this shouldn't be an assert, it should be straight out an Exception, because the caller should be notified of the problem. There was a problem hiding this comment. Thanks for the suggestion! I'll implement this. There was a problem hiding this comment. Looks like the server side also has some "obligations" to make CONNECT work. To support CONNECT correctly, we would need to do this as well :) . But I can finish the job, just let me know if you can help and how you're using this, so I can understand the use cases. There was a problem hiding this comment. I can take a look. I'm implementing a tunnel solution in java which connects to pomerium. As part of their tcp tunnel implementation, I create a socket and send a CONNECT request to which it replies with a response followed by keeping the socket open and switches over to proxying the streams. So I'm using this library to construct the initial message and parse the response. There was a problem hiding this comment. Went through and added move validations and some changes to requestHasBody (responseHasBody is already handling connect). Let me know if there were other areas of the code you can think of that may need this (new to the project 😊) |
||
|
|
||
| outputStream.write(host.getBytes(StandardCharsets.US_ASCII)); | ||
| if (port != -1) { | ||
| outputStream.write(':'); | ||
| outputStream.write(Integer.toString(port).getBytes(StandardCharsets.US_ASCII)); | ||
| } | ||
| } else { | ||
| String path = uri.getRawPath(); | ||
| if (path == null || path.isEmpty()) { | ||
| outputStream.write('/'); | ||
| } else { | ||
| outputStream.write(path.getBytes(StandardCharsets.US_ASCII)); | ||
| } | ||
| String query = uri.getRawQuery(); | ||
| if (query != null && !query.isEmpty()) { | ||
| outputStream.write('?'); | ||
| outputStream.write(query.getBytes(StandardCharsets.US_ASCII)); | ||
| } | ||
| } | ||
|
|
||
| outputStream.write(' '); | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the easier way to do this logic would be to already check the options here, like this:
There's no need to enter this branch in any other case. Also notice the code below is checking the wrong option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Jeez, good catch, starts with allowIllegal and they all looked the same 🙈
Ok so the thinking is if allowIllegalConnectAuthority is set, the logic will fall back into the original implementation.