Malformed header
rokha opened this issue · comments
Hi,
While working on `Hoa\WebSocket`, I ran into a weird issue where a particular browser instance of Chrome was breaking the socket server for all the connected clients. Upon investigation, we realized that the browser was sending malformed (read: incomplete) headers. We couldn't figure out why, but realized that it should not be a reason for the socket server to break for everyone.
Eventually, we found the reason to be in the `_parse` function of `Hoa\Http` at this line.
The header I was receiving had the last line clipped before the `:`, which caused the index to be unavailable. An example header is:
GET / HTTP/1.1
Host: pr.newsbytesapp.com:8889
Connection: Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
Origin: http://xx.yyyy.com
Sec-WebSocket-Version: 13
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Cookie: __unam=a56ccef-15471a9429e-452f979a-2504; AMP_ECID_GOOGLE=amp-ABTfroEKKHPPukDuQQc4mzfNOnfBTUtE4njuK5GdQq74kjG_SM0xuErSuvkLS27b; laravel_acl_sentry=eyJpdiI6ImpjaDBoZU9HbmY3RXVPemMzSHJMTVE9PSIsInZhbHVlIjoiSDVlclRjaW1ydlNLYXhsSTRZd0tkQnpEdURySVB2VzQ1Zlgrc1g3ZzdtdnZ6aW1kZmdiblRURDlpR28zYnVhN2pRSUZhbEZybWp0Z2VvMVFuYW9oVHl5RzZodVJOZXJNTmhQaGJwamdIQUJDWFBLRUpadTk0Vkx3M1JtSGlzSUQiLCJtYWMiOiI5MzQxZDQ4Yjg0MGIyNDYyYjU2N2Y1ZDFjOGMyZmE3MTA2ZDA3MzE1NTg3N2EyZWQzYmZhZDA5YThlNzllNzY5In0%3D; _gat=1; laravel_session=eyJpdiI6IkdzcVNcL2g0b0dxZFkyck8wT1wvN09HUT09IiwidmFsdWUiOiIzODYxUk5ZcEZVXC96b1pITnc5TlhwWnJMamVrankrMVhJaVpWZ2NoTXVQSnV5WHJ0MW4yalRnSVpmQlJmQkRQdHhBMGgyVFl5dnVHOW1FK0JZQld1aGc9PSIsIm1hYyI6IjMxNWJmYmU3ZWY2NzNlYjk0NTMwZWVkMjVhYWU1Y2FkMGZlNjU4Y2FkYTYxN2RkYmQ0MDM3NDRiYTFkNTg0NjIifQ%3D%3D; chch-SI=61CB5ABFCAE3FBC75C27A7B22B4EF5D7; chch-PSI=61CB5ABFCAE3FBC75C27A7B22B4EF5D7; _ga=GA1.2.1418394292.1462195799
Sec-WebSocket-Key: TjO2I+f5Q2SB4bxjQ9hDSA==
Sec-WebSocket-Extens
As you can see, `Sec-WebSocket-Extensions` was missing. I think it is an important issue, as one cannot control client behavior.
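An added example (not part of the original report, and not Hoa\Http's own code) of parsing header lines so that a line clipped before its `:` is rejected for that one connection instead of causing an undefined-index error. The function name `parseRequestHead` and the sample host are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not Hoa\Http code: parse a request head defensively.
 * Returns ['complete' => bool, 'headers' => array, 'rejected' => array].
 */
function parseRequestHead(string $raw): array
{
    // A head is complete only once the blank line (CRLF CRLF) has arrived.
    $end      = strpos($raw, "\r\n\r\n");
    $complete = $end !== false;
    $head     = $complete ? substr($raw, 0, $end) : $raw;

    $lines = explode("\r\n", $head);
    array_shift($lines); // drop the request line ("GET / HTTP/1.1")

    $headers  = [];
    $rejected = [];
    foreach ($lines as $line) {
        if ($line === '') {
            continue;
        }
        // Limit 2 keeps colons inside the value (e.g. "Origin: http://...").
        $parts = explode(':', $line, 2);
        if (count($parts) !== 2 || trim($parts[0]) === '') {
            // No colon: a clipped or malformed line. Record it, never index [1].
            $rejected[] = $line;
            continue;
        }
        $headers[strtolower(trim($parts[0]))] = trim($parts[1]);
    }

    return ['complete' => $complete, 'headers' => $headers, 'rejected' => $rejected];
}

// Constructed sample: a handshake cut off mid-header, as in the report.
$clipped = "GET / HTTP/1.1\r\n"
    . "Host: example.test:8889\r\n"
    . "Upgrade: websocket\r\n"
    . "Sec-WebSocket-Key: TjO2I+f5Q2SB4bxjQ9hDSA==\r\n"
    . "Sec-WebSocket-Extens";

$result = parseRequestHead($clipped);
if (!$result['complete'] || $result['rejected'] !== []) {
    // Fail only this client: answer 400 / close its socket, keep serving others.
    printf("rejecting handshake, bad lines: %s\n", json_encode($result['rejected']));
}
```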
Related to hoaproject/Websocket#73 and hoaproject/Websocket#72.
ping @Pierozi
Hello @rokha, what's your request? The `Sec-WebSocket-Extensions` has no value?
@Pierozi I guess the parsing stops at a specific length, and since the `Cookie` is very long, the buffer is not big enough to parse the whole request.
It's not really that there is no value; it may also be that some header is only partially available. As in my example, it never reached the `:`.
Also, I increased the buffer size but that was not helping.