
Invalid header parsing


soft_props
I noticed last night that our request header extractors were all using the same formula for parsing header values. This is broken. If your header value has a , or ; in a single value it will be susceptible to this bug if the header in question is not meant to be delimited by , or ;.

I ran into a hint of this [1] the other day. I'll be looking into this tonight. I created a gh issue for it [2] and a branch for the refactor [3] with one failing test [4]. I have a pretty good idea of how I'm going to fix it but I wanted to make you all aware in case your app depends on the header extractors.

We'll probably do another release this week with the fix.

[1]: https://github.com/n8han/Unfiltered/blob/oauth2/oauth2/src/test/scala/ProtectionSpec.scala#L23
[2]: https://github.com/n8han/Unfiltered/issues/17
[3]: https://github.com/n8han/Unfiltered/tree/header_parsing
[4]: https://github.com/n8han/Unfiltered/blob/header_parsing/library/src/test/scala/HeadersSpec.scala
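
The failure mode described in the post, as an added Scala example that is not part of the original message and is not Unfiltered's code: one splitter applied to every header compared with splitting only headers whose grammar is a list. All names (HeaderSplitDemo, naiveSplit, listHeaders, parse) and the sample values are constructed for illustration, and the set of list headers is an assumed subset.

```scala
// Added illustration; hypothetical names, not the library's extractors.
object HeaderSplitDemo {
  // One formula for every header: split on ',' or ';' regardless of the header's grammar.
  def naiveSplit(value: String): List[String] =
    value.split("[,;]").map(_.trim).filter(_.nonEmpty).toList

  // Headers defined as comma-separated lists (assumed subset for this demo).
  val listHeaders = Set("accept", "accept-encoding", "accept-language", "cache-control")

  // Split on a separator only when it sits outside a double-quoted string.
  def splitOutsideQuotes(value: String, sep: Char): List[String] = {
    val out = List.newBuilder[String]
    val cur = new StringBuilder
    var inQuotes = false
    var escaped = false
    for (c <- value) {
      if (escaped) { cur += c; escaped = false }
      else if (inQuotes && c == '\\') { cur += c; escaped = true }
      else if (c == '"') { cur += c; inQuotes = !inQuotes }
      else if (c == sep && !inQuotes) { out += cur.toString.trim; cur.clear() }
      else cur += c
    }
    out += cur.toString.trim
    out.result().filter(_.nonEmpty)
  }

  // Header-aware parse: list headers are split, everything else stays one value.
  def parse(name: String, value: String): List[String] =
    if (listHeaders(name.toLowerCase)) splitOutsideQuotes(value, ',')
    else List(value.trim)

  def main(args: Array[String]): Unit = {
    // Constructed sample request headers.
    val samples = List(
      "Date"            -> "Tue, 15 Nov 1994 08:12:31 GMT",   // comma inside a single value
      "User-Agent"      -> "Mozilla/5.0 (X11; Linux x86_64)", // semicolon inside a single value
      "Accept-Encoding" -> "gzip, deflate",                   // a real list
      "Cache-Control"   -> "no-cache=\"set-cookie, x-token\", max-age=0" // comma inside quotes
    )
    for ((name, value) <- samples)
      println(s"$name\n  naive: ${naiveSplit(value)}\n  aware: ${parse(name, value)}")
  }
}
```

Running it shows the naive splitter cutting the Date and User-Agent values into fragments, while the header-aware version returns them whole and still splits the two list headers correctly.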