* Fix RequestHeader parser (#1808)
When FastHTTP receives a header value suffixed or prefixed with tabs, they should be stripped.
* Remove redundant code
* Add test for header parser including tabs (#1808)
* Don't allow \r in header names
From RFC 9112:
A sender MUST NOT generate a bare CR (a CR character not immediately
followed by LF) within any protocol elements other than the content.
A recipient of such a bare CR MUST consider that element to be invalid
or replace each bare CR with SP before processing the element or forwarding
the message.
net/http seems to completely error on this, so let's do the same.
Fixes https://github.com/valyala/fasthttp/issues/1785
* Validate the full header field
* Prevent request smuggling
Prevent request smuggling when fasthttp is behind a reverse proxy that
might interpret headers differently by being stricter. Should also
prevent request smuggling when fasthttp is used as the reverse proxy.
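
An added example, not fasthttp's own code: a minimal Go field-line validator in the spirit of the commits above. It strips tabs and spaces around the value, rejects CR and any other non-token byte in the field name (including whitespace before the colon), and, as a stricter choice assumed here, also rejects control bytes in the value instead of replacing them with SP. The names `isTokenChar` and `parseFieldLine` are hypothetical and the sample lines are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// isTokenChar reports whether c is an RFC 9110 "tchar", the only bytes allowed in a field name.
func isTokenChar(c byte) bool {
	switch {
	case c >= '0' && c <= '9', c >= 'a' && c <= 'z', c >= 'A' && c <= 'Z':
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", c) >= 0
}

// parseFieldLine (hypothetical helper) validates one header field line whose
// terminating CRLF has already been removed, and returns the name and trimmed value.
func parseFieldLine(line string) (name, value string, err error) {
	i := strings.IndexByte(line, ':')
	if i <= 0 {
		return "", "", errors.New("missing field name or colon")
	}
	for _, c := range []byte(line[:i]) {
		if !isTokenChar(c) { // catches "X-A\r" and "Transfer-Encoding " alike
			return "", "", fmt.Errorf("invalid byte %q in field name", c)
		}
	}
	v := strings.Trim(line[i+1:], " \t") // optional whitespace is not part of the value
	for _, c := range []byte(v) {
		if (c < 0x20 && c != '\t') || c == 0x7f { // bare CR, LF, NUL, other controls
			return "", "", fmt.Errorf("invalid byte %q in field value", c)
		}
	}
	return line[:i], v, nil
}

func main() {
	// Constructed sample lines: one valid, three that a lenient parser might accept.
	samples := []string{"Host:\t example.com \t", "Transfer-Encoding : chunked", "X-A\r: 1", "X-B: a\rb"}
	for _, l := range samples {
		n, v, err := parseFieldLine(l)
		fmt.Printf("%q -> name=%q value=%q err=%v\n", l, n, v, err)
	}
}
```

Rejecting the whole line, rather than normalising it, keeps a front-end and a back-end from disagreeing about which header was sent.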
* Make header value comparison case-insensitive
* Auto add 'Vary' header after compression
Add config `SetAddVaryHeaderForCompression` to enable
'Vary: Accept-Encoding' header when compression is used.
* feat: always set the Vary header
* create and use `ResponseHeader.AddVaryBytes`
* not export 'AddVaryBytes'
* Response.ContentEncoding(): store as field
The CE is not so often used for plain API responses and even not so often used for static files and on-the-fly compression.
But still it should be checked each time.
Also having a dedicated field getter and setter simplifies code
* header.go Use shorter Response.setNonSpecial() and Request.setNonSpecial() methods instead of SetCanonical()
The change should improve performance because the setSpecialHeader() call is omitted.
As a downside on adding a new basic header field all putHeader() must be replaced with a direct getter and setter.
* Adding zero-allocation uint64 to byte slice conversion and fixing the ResponseHeader.SetStatusLine function call signature
* Removing unnecessary i2b function
* Fixing various bugs
* Adding test cases
* Commenting AppendStatusLine
* Update status.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Cleaning up references to strHTTP11, using formatStatusLine for invalidStatusLine, and making `appendStatusLine` an unexported function
Issue: https://github.com/valyala/fasthttp/issues/1132
* Fixing merge conflicts
Issue: https://github.com/valyala/fasthttp/issues/1132
* Replacing []byte{} with nil in some test cases
Issue: https://github.com/valyala/fasthttp/issues/1132
* Cleaning up parsing first line, and improving StatusMessage function
Issue: https://github.com/valyala/fasthttp/issues/1132
* Fixing as per PR
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Fixing as per requested changes
* Update header_test.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
* Add API DisableNoDefaultContentType to disable adding the default content type if there is no Content-Type header.
* Update test case.
* Update api name.
* Update header.go
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>
Co-authored-by: Erik Dubbelboer <erik@dubbelboer.com>