1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-22 15:24:46 -05:00

fix(ext/fetch): ignore user content-length header (#15555)

Previously if a user specified a content-length header for an POST
request without a body, the request would contain two `content-length`
headers. One added by us, and one added by the user.

This commit ignores all content-length headers coming from the user,
because we need to have the sole authority on the content-length because
we transmit the body.
This commit is contained in:
Luca Casonato 2022-08-23 12:43:04 +02:00 committed by GitHub
parent ecf3b51fd9
commit 24f7f3fda9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 63 additions and 1 deletions

View file

@ -760,6 +760,68 @@ Deno.test(
},
);
Deno.test(
{
permissions: { net: true },
},
async function fetchUserSetContentLength() {
const addr = "127.0.0.1:4501";
const bufPromise = bufferServer(addr);
const response = await fetch(`http://${addr}/blah`, {
method: "POST",
headers: [
["Content-Length", "10"],
],
});
await response.arrayBuffer();
assertEquals(response.status, 404);
assertEquals(response.headers.get("Content-Length"), "2");
const actual = new TextDecoder().decode((await bufPromise).bytes());
const expected = [
"POST /blah HTTP/1.1\r\n",
"content-length: 0\r\n",
"accept: */*\r\n",
"accept-language: *\r\n",
`user-agent: Deno/${Deno.version.deno}\r\n`,
"accept-encoding: gzip, br\r\n",
`host: ${addr}\r\n\r\n`,
].join("");
assertEquals(actual, expected);
},
);
Deno.test(
{
permissions: { net: true },
},
async function fetchUserSetTransferEncoding() {
const addr = "127.0.0.1:4501";
const bufPromise = bufferServer(addr);
const response = await fetch(`http://${addr}/blah`, {
method: "POST",
headers: [
["Transfer-Encoding", "chunked"],
],
});
await response.arrayBuffer();
assertEquals(response.status, 404);
assertEquals(response.headers.get("Content-Length"), "2");
const actual = new TextDecoder().decode((await bufPromise).bytes());
const expected = [
"POST /blah HTTP/1.1\r\n",
"content-length: 0\r\n",
`host: ${addr}\r\n`,
"accept: */*\r\n",
"accept-language: *\r\n",
`user-agent: Deno/${Deno.version.deno}\r\n`,
"accept-encoding: gzip, br\r\n\r\n",
].join("");
assertEquals(actual, expected);
},
);
Deno.test(
{
permissions: { net: true },

View file

@ -287,7 +287,7 @@ where
.map_err(|err| type_error(err.to_string()))?;
let v = HeaderValue::from_bytes(&value)
.map_err(|err| type_error(err.to_string()))?;
if name != HOST {
if !matches!(name, HOST | CONTENT_LENGTH) {
request = request.header(name, v);
}
}