[GitHub] [httpcomponents-core] ok2c commented on a diff in pull request #428: Add validation for :path pseudo-header in HTTP/2 requests RFC7540

Thu, 14 Sep 2023 06:46:45 -0700 


ok2c commented on code in PR #428:
URL: 
https://github.com/apache/httpcomponents-core/pull/428#discussion_r1325975840


##########
httpcore5-h2/src/main/java/org/apache/hc/core5/http2/impl/DefaultH2RequestConverter.java:
##########
@@ -208,4 +210,39 @@ public List<Header> convert(final HttpRequest message) 
throws HttpException {
         return headers;
     }
 
+    /**
+     * Validates the {@code :path} pseudo-header field based on the provided 
HTTP method and scheme.
+     * <p>
+     * This method checks the following:
+     * <ul>
+     *     <li>For 'http' or 'https' URIs, the {@code :path} pseudo-header 
field must not be empty.</li>
+     *     <li>If the HTTP method is OPTIONS and the URI does not contain a 
path component,
+     *         the {@code :path} pseudo-header field must have a value of 
'*'.</li>
+     *     <li>For 'http' or 'https' URIs, the {@code :path} pseudo-header 
field must either start with '/' or be '*'.</li>
+     * </ul>
+     * </p>
+     *
+     * @param method The HTTP method of the request.
+     * @param scheme The scheme of the request.
+     * @param path The value of the {@code :path} pseudo-header field.
+     * @throws ProtocolException if the {@code :path} pseudo-header field is 
invalid.
+     */
+    private void validatePathPseudoHeader(final String method, final String 
scheme, final String path) throws ProtocolException {
+        if (URIScheme.HTTP.name().equalsIgnoreCase(scheme) || 
URIScheme.HTTPS.name().equalsIgnoreCase(scheme)) {
+            if (TextUtils.isBlank(path)) {
+                if (Method.OPTIONS.isSame(method)) {
+                    if (!"*".equals(path)) {

Review Comment:
   @arturobernalg This looks wrong. Should not the `path` already be known to 
be blank in this branch?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to