Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate custom HTTP method names #4461

Merged
merged 1 commit into from
Jan 8, 2025
Merged

Validate custom HTTP method names #4461

merged 1 commit into from
Jan 8, 2025

Conversation

jroper
Copy link
Contributor

@jroper jroper commented Jan 8, 2025

Fixes #4460

jroper
jroper commented Jan 8, 2025
View reviewed changes
akka-http-core/src/main/scala/akka/http/impl/model/parser/CommonRules.scala
@@ -465,7 +465,7 @@ private[parser] trait CommonRules { this: Parser with StringBuilding =>
token ~> { s =>
HttpMethods.getForKey(s) match {
case Some(m) => m
case None => HttpMethod.custom(s)
case None => HttpMethod(s, isSafe = false, isIdempotent = false, requestEntityAcceptance = RequestEntityAcceptance.Expected, ConstantFun.anyToTrue)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For custom headers received by the server, there is no need to validate them because they have already been parsed according to the spec, so skip the validation in HttpMethod.custom.

johanandren
johanandren approved these changes Jan 8, 2025
View reviewed changes
Copy link
Member

@johanandren johanandren left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

akka-http-core/src/test/scala/akka/http/scaladsl/model/HttpMethodSpec.scala
class HttpMethodSpec extends AnyWordSpec with Matchers {
"HttpMethod.custom()" should {
"accept a valid name" in {
HttpMethod.custom("Yes.Thi$_is_1~'VAL|D`_me+h*d-^ame!#%&")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The most reasonable custom method name I ever saw :D

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's specified in RFC666 - Gaslighting HTTP resources.

@johanandren johanandren merged commit ccf4373 into akka:main Jan 8, 2025
9 checks passed
@jroper jroper deleted the validate-custom-method-names branch January 8, 2025 10:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@johanandren johanandren johanandren approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Validate custom HTTP methods
2 participants
@jroper @johanandren