Open lovasoa opened 1 year ago
I dug into the logs, and here is a list of some user agents that sent the requests with raw unicode chars:
Does h2spec not test for this...?
FYI: I have made 2 pull requests in order to make it work in actix-http.
With both of these changes it works fine (so no change needed in the actix-http crate).
Hello, and first, thank you for this great library!
Recently, I published a blog post titled I’m sorry I forked you. In the title, the second character is a curly apostrophe (`’`, U+2019 Right Single Quotation Mark).

I shared it online and started getting hits from a lot of different browsers. A significant portion of the hits (I don't know which browsers exactly) did not percent-encode the apostrophe (as `%E2%80%99`), but included the `’` directly in the HTTP query.

There are two layers between the web and my actix service:
But when it got to actix-web, it failed to parse the query, and returned a 400 back without even invoking my code. The very confusing error message I got was:
[ERROR actix_http::h1::dispatcher] stream error: Request parse error: Invalid Header provided
(Confusing, because the message did not state what the problem was exactly, and said it came from the headers instead of the query string.)

See: https://en.wikipedia.org/wiki/Internationalized_Resource_Identifier
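For reference, the encoded form `%E2%80%99` can be derived directly from the character's UTF-8 bytes. A minimal sketch (the `percent_encode_all` helper is ad hoc for illustration, not a crate API):

```rust
// Sketch: derive the percent-encoded form of '’' (U+2019) from its
// UTF-8 bytes. Standard library only; real clients would use a
// proper percent-encoding routine that leaves ASCII unescaped.
fn percent_encode_all(s: &str) -> String {
    s.bytes().map(|b| format!("%{:02X}", b)).collect()
}

fn main() {
    // '’' is three bytes in UTF-8: 0xE2 0x80 0x99.
    assert_eq!("’".as_bytes(), &[0xE2, 0x80, 0x99]);
    // Percent-encoding those bytes gives what a strict client sends.
    assert_eq!(percent_encode_all("’"), "%E2%80%99");
    println!("{}", percent_encode_all("’"));
}
```

The browsers described above skip this step and put the three raw bytes on the wire instead.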
Expected Behavior
Since clients in the real world emit HTTP requests with unicode characters, I think actix-web should accept them, and simply invoke the user code with the unicode query string.
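Accepting such requests essentially means tolerating raw non-ASCII bytes while decoding the query string. A lenient decoder might look like this (a sketch of the idea only, not actix-web's actual code):

```rust
// Sketch of a lenient query-string decoder: accepts raw UTF-8 bytes
// (like '’') as well as %-escapes. Illustrative only; actix-web's
// internal parsing is not this function.
fn decode_query(q: &str) -> Option<String> {
    let bytes = q.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        match bytes[i] {
            b'%' => {
                // A %-escape must be followed by two hex digits.
                let hex = bytes.get(i + 1..i + 3)?;
                let hi = (hex[0] as char).to_digit(16)?;
                let lo = (hex[1] as char).to_digit(16)?;
                out.push((hi * 16 + lo) as u8);
                i += 3;
            }
            b'+' => { out.push(b' '); i += 1; }
            // Anything else -- including raw multi-byte UTF-8 -- passes through.
            b => { out.push(b); i += 1; }
        }
    }
    String::from_utf8(out).ok()
}

fn main() {
    // Both spellings decode to the same string.
    assert_eq!(decode_query("I%E2%80%99m").as_deref(), Some("I’m"));
    assert_eq!(decode_query("I’m").as_deref(), Some("I’m"));
    println!("ok");
}
```

With something like this, the strict and lenient client spellings would reach the handler as the same value.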
And when it encounters a real issue with the query string, it should say that the error comes from the query string, not from the headers, and give more details than just `Request parse error`.

Current Behavior
actix-web logs:

[ERROR actix_http::h1::dispatcher] stream error: Request parse error: Invalid Header provided

and returns an HTTP 400 Bad Request response to the client.
Steps to Reproduce (for bugs)
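A minimal reproduction could send the apostrophe's raw UTF-8 bytes by hand, bypassing the client's own percent-encoding (the host and port below are placeholders for wherever the actix-web app listens):

```shell
# Hypothetical reproduction: write the request directly so the
# apostrophe goes out as raw UTF-8 bytes (0xE2 0x80 0x99, given here
# in octal for portable printf), not as %E2%80%99.
printf 'GET /?q=\342\200\231 HTTP/1.1\r\nHost: localhost\r\nConnection: close\r\n\r\n' \
  | nc localhost 8080
```

With the current behavior, the server should answer 400 and log the `Invalid Header provided` error above instead of reaching any handler.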