Skip to content

Fix rejecting invalid HTTP request starting with newlines #1110

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
PaulRotmann merged 1 commit into from
Jun 25, 2025
Merged

Fix rejecting invalid HTTP request starting with newlines #1110

PaulRotmann merged 1 commit into from
Jun 25, 2025

Conversation

@clue
Copy link
Member

@clue clue commented Jun 25, 2025

This changeset fixes rejecting invalid HTTP requests starting with empty newlines. This is part 13 of reviving Ratchet as discussed in #1054, unblocking more future progress.

The code in question hasn't been touched in a while. The idea is to start parsing HTTP headers when a double newline is encountered and the same logic should trigger if the buffer starts with a double newline. Accordingly, this will now properly reject such invalid requests and should not otherwise affect any valid HTTP requests. I've updated the tests to ensure this should not happen again. The test suite confirms this now has full test coverage and does not otherwise affect any of the existing tests.

Overall, this required quite a massive effort. If you want to support this project, please consider sponsoring @reactphp ❤️

Builds on top of #1092 and others, one step closer to reviving Ratchet as discussed in #1054
Resolves / closes #334

@clue clue added this to the 0.4.5 milestone Jun 25, 2025
@clue clue requested a review from PaulRotmann June 25, 2025 19:22
PaulRotmann
PaulRotmann approved these changes Jun 25, 2025
View reviewed changes
Copy link
Contributor

@PaulRotmann PaulRotmann left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice! v0.4.5 seems pretty near by now. 👍

@PaulRotmann PaulRotmann merged commit 2032bb0 into ratchetphp:0.4.x Jun 25, 2025
14 checks passed
@clue clue deleted the headless branch June 25, 2025 19:53
@PaulRotmann PaulRotmann mentioned this pull request Jun 26, 2025
Closed
@clue clue mentioned this pull request Jul 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PaulRotmann PaulRotmann PaulRotmann approved these changes

Assignees

No one assigned

Labels

bug HTTP

Projects

None yet

Milestone

0.4.5

Development

Successfully merging this pull request may close these issues.

Server does not disconnect invalid client

2 participants

@clue @PaulRotmann