search

seanmonstar / httparse

A push parser for the HTTP 1.x protocol in Rust.
https://docs.rs/httparse
Apache License 2.0
569 stars 110 forks source link

Allow " in URIs #87

Closed nox closed 3 years ago

nox commented 3 years ago

There are user-agents out there sending " without percent-encoding it in the URI, it would be nice if Hyper would allow those. The character was drive-by disallowed in #40. I can patch the non-optimised code but I'll need some hand-holding to patch the SIMD paths, as #41 still holds.

nox commented 3 years ago

An example of request received in the wild, AFAIK this was a request generated by GeForce Experience:

GET /nvidia_web_services/controller.gfeclientcontent.php/com.nvidia.services.GFEClientContent.getShieldReady/{"gcV":"2.2.2.0","dID":"1341","osC":"6.20","is6":"1","lg":"1033","GFPV":"389.08","isO":"1","sM":"16777216"} HTTP/1.0
Host: gfwsl.geforce.com

Note the JSON embedded directly in the URI path.

seanmonstar commented 3 years ago

I can't say I know why it was disallowed in that PR, but I'm fine with it being fixed. I imagine we can ask in Discord around how to update the SIMD stuff. With a sufficiently long example in the tests (perhaps just the one you pasted), CI should be able to catch it I assume.

nox commented 3 years ago

I found someone to help me at Cloudflare, here is my branch. I am a little bit worried that the test I made from the GFE request isn't failing locally, though AFAIK it should be taking the SIMD path given how long the URI is.