quicwg / qlog

The IETF I-D documents for the qlog format
Other
86 stars 13 forks source link

Logging of HTTP field names or values that contain illegal bytes #413

Closed LPardue closed 4 months ago

LPardue commented 8 months ago

While normally HTTP header names and values are expected to be safe strings (possibly with even further restrictions on the chartacter set that is allowed), it's possible that an endpoint could receive garbage bytes that it would validate and reject. In such scenarios, it can be useful to log what was received for the purposes of debugging root causes.

The H3HeadersFrame uses the H3HTTPField type, where names and values use the text type. This is unfortunate as it forces implementers into certain approaches to logging. For instance, Rust has a f[rom_utf8_lossy()](https://doc.rust-lang.org/std/string/struct.String.html#method.from_utf8_lossy) method that would insert a � for an invalid sequence. While safe, this discards information that could be useful to understand excatly what was received.