Scott Chacon <[email protected]> wrote: > I just ran into a stupid client that put the username in the http_URL > field, making the first line of the HTTP request look like this: > > GET http://usern...@localhost:8080/mojombo/grit HTTP/1.1 > > Unicorn 500s on this, saying it can't parse the headers. I'm > including a unit test that will die on this, but my question is should > Unicorn handle this gracefully by just stripping off the username - > parsing it as a 'server' instead of a 'host'? It seems that most > other webservers do, even though it doesn't appear to be the spec.
Hi Scott, Other servers (Mongrel) fell back to URI.parse which allowed this. Since Mongrel allowed it (possibly on accident), Unicorn should probably allow it, too... The following change should fix things for you, but I'm not sure about the list of allowed characters for the user and don't have time to check the RFCs right now. Which client is doing this? Any hope of fixing it there? But yeah, definitely not in rfc2616 from what I remember. Also scp-ed the C source up to http://unicorn.bogomips.org/unicorn_parser.c in case you don't have Ragel. diff --git a/ext/unicorn_http/unicorn_http_common.rl b/ext/unicorn_http/unicorn_http_common.rl index 041dfec..4842972 100644 --- a/ext/unicorn_http/unicorn_http_common.rl +++ b/ext/unicorn_http/unicorn_http_common.rl @@ -28,6 +28,7 @@ scheme = ( "http"i ("s"i)? ) $downcase_char >mark %scheme; hostname = (alnum | "-" | "." | "_")+; host_with_port = (hostname (":" digit*)?) >mark %host; + user = ((alnum | "_" | ".")+ "@")*; path = ( pchar+ ( "/" pchar* )* ) ; query = ( uchar | reserved )* %query_string ; @@ -36,7 +37,7 @@ rel_path = (path? (";" params)? %request_path) ("?" %start_query query)?; absolute_path = ( "/"+ rel_path ); path_uri = absolute_path > mark %request_uri; - Absolute_URI = (scheme "://" host_with_port path_uri); + Absolute_URI = (scheme "://" user host_with_port path_uri); Request_URI = ((absolute_path | "*") >mark %request_uri) | Absolute_URI; Fragment = ( uchar | reserved )* >mark %fragment; -- Eric Wong _______________________________________________ Unicorn mailing list - [email protected] http://rubyforge.org/mailman/listinfo/mongrel-unicorn Do not quote signatures (like this one) or top post when replying
