On Thu, 12 May 2016 12:23:59 GMT, Sönke Ludwig wrote:
On Tue, 03 May 2016 12:47:49 GMT, Marcio Martins wrote:
https://github.com/rejectedsoftware/vibe.d/blob/master/source/vibe/http/server.d#L1662if (s.startsWith('[')) { // IPv6 address auto idx = s.indexOf(']'); enforce(idx > 0, "Missing closing ']' for IPv6 address."); reqhost = s[1 .. idx]; s = s[idx+1 .. $]; } else { // host name or IPv4 address auto idx = s.indexOf(':'); if (idx < 0) idx = s.length; enforce(idx > 0, "Missing host name."); reqhost = s[0 .. idx]; s = s[idx .. $]; }This basically enforces there is a host in the headers, and if there isn't one, it will display the error page.
The bigger issue is that the error page will be called with an half-way initialized
reqandreswhich is problematic. Basicallyreq.settingsis not set yet so a req.fullURL in the error page call will crash the server.Maybe just gracefully ignoring these two errors and picking the first v-host and then throwing the exception after more of the request is parsed would be a better response.
What do you think?
I've made the Host header optional again, but only for HTTP 1.0. The enforcements now result in a 400 status instead of 500 and the request settings field is now set to the default settings as long as a specific virtual host hasn't been selected.
This still leaves some of the other initializations out (compression, URL parsing, cookie/session parsing, json/form parsing, default response headers), but those shouldn't matter for low level protocol violations anyway. They could be done with the default settings, but that would mean a performance hit for all requests only to support a rare edge case outside of any use case, so I didn't go that far.
Commit: c065005
Looks good Sönke! Thanks!