details: https://hg.nginx.org/nginx/rev/b290610bf812
branches:
changeset: 7876:b290610bf812
user: Maxim Dounin <mdounin@mdounin.ru>
date: Mon Jun 28 18:01:00 2021 +0300
description:
Moved TRACE method rejection to a better place.

Previously, TRACE requests were rejected before parsing Transfer-Encoding.
This is not important since keepalive is not enabled at this point anyway,
though rejecting such requests after properly parsing other headers is
less likely to cause issues in case of further code changes.

diffstat:

src/http/ngx_http_request.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)

diffs (31 lines):

diff -r 0c5e84096d99 -r b290610bf812 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c Mon Jun 21 09:42:43 2021 +0300
+++ b/src/http/ngx_http_request.c Mon Jun 28 18:01:00 2021 +0300
@@ -1980,13 +1980,6 @@ ngx_http_process_request_header(ngx_http
}
}

- if (r->method == NGX_HTTP_TRACE) {
- ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
- "client sent TRACE method");
- ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
- return NGX_ERROR;
- }
-
if (r->headers_in.transfer_encoding) {
if (r->headers_in.transfer_encoding->value.len == 7
&& ngx_strncasecmp(r->headers_in.transfer_encoding->value.data,
@@ -2013,6 +2006,13 @@ ngx_http_process_request_header(ngx_http
}
}

+ if (r->method == NGX_HTTP_TRACE) {
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
+ "client sent TRACE method");
+ ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
+ return NGX_ERROR;
+ }
+
return NGX_OK;
}

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel