Actions
Bug #10970
closedOPTIONS * request generates assert
Start date:
09/24/2022
Due date:
% Done:
100%
Estimated time:
Description
Issuing the following (valid) http request:
OPTIONS * HTTP/1.1
triggers the following assert
assert(path.empty() || path[0] == '/');
due to path being *.
Not sure if this is just an assert issue, or that the * is indeed not handled correctly for OPTIONS requests.
Files
Updated by Roel Standaert over 1 year ago
- Status changed from New to InProgress
- Assignee set to Roel Standaert
- Target version set to 4.9.0
Updated by Roel Standaert over 1 year ago
- File 0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch 0001-WT-10970-disallow-asterisk-form-RFC-9112-3.2.4.patch added
- Status changed from InProgress to Review
- Assignee changed from Roel Standaert to Korneel Dumon
It appears that the easiest way to fix this is to disallow those kinds of requests. The patch (attached) is currently in review.
Updated by Roel Standaert over 1 year ago
- Status changed from Review to Implemented @Emweb
- Assignee changed from Korneel Dumon to Roel Standaert
- % Done changed from 0 to 100
Updated by Roel Standaert over 1 year ago
- Status changed from Implemented @Emweb to Resolved
Updated by Roel Standaert over 1 year ago
- Target version changed from 4.9.0 to 4.8.2
Updated by Roel Standaert over 1 year ago
- Status changed from Resolved to Closed
Actions