Use the last Content-Length header value

hjr3 / weldr

A HTTP 1.1 proxy written in Rust using tokio.

Apache License 2.0

217 stars 20 forks source link

Use the last Content-Length header value #51

Closed hjr3 closed 7 years ago

hjr3 commented 7 years ago

When multiple Content-Length headers are sent, the request and response parsing code will use the last value.

The header code was cleaned up a bit while fixing this issue. Both the request and the response use the same Headers code.

Fixes #45

tailhook commented 7 years ago

Well, It's a bad idea to use the last. You should reply with Bad Request to such request. Because otherwise some other proxy may choose the first for some reason and you'll get poisoned cache.

hjr3 commented 7 years ago

@tailhook I thought multiple content length headers are allowed in the spec, but after double checking I see that you are correct.