On Fri, 31 Oct 2025 12:09:59 GMT, Daniel Fuchs <[email protected]> wrote:
>> Peyang has updated the pull request incrementally with one additional commit >> since the last revision: >> >> Add documentation for HTTP range requests support in SimpleFileServer > > src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java > line 310: > >> 308: return true; >> 309: } >> 310: servePartialContents(exchange, path, ranges); > > The RFC says: > >> A server that supports range requests MAY ignore or reject a >> [Range](https://www.rfc-editor.org/rfc/rfc9110.html#field.range) header >> field that contains an invalid >> [ranges-specifier](https://www.rfc-editor.org/rfc/rfc9110.html#rule.ranges-specifier) >> ([Section >> 14.1.1](https://www.rfc-editor.org/rfc/rfc9110.html#range.specifiers)), a >> [ranges-specifier](https://www.rfc-editor.org/rfc/rfc9110.html#rule.ranges-specifier) >> with more than two overlapping ranges, or a set of many small ranges that >> are not listed in ascending order, since these are indications of either a >> broken client or a deliberate denial-of-service attack ([Section >> 17.15](https://www.rfc-editor.org/rfc/rfc9110.html#overlapping.ranges)). > > I would expect a validation of the ranges list before we serve them. I recall reading this part of the RFC before. Since it says *MAY*, and given that this is a simple web server, I wasn't sure if such validations are strictly required, so I didn't implement them. But if you think it's necessary, I can add them now. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/28021#discussion_r2481541467
