Request with malformed path raises `URI::InvalidURIError`
dentarg opened this issue · comments
If you send a request without the start /
for the request path, Puma will raise URI::InvalidURIError
at
Line 421 in fd259b7
Repro (have Puma running on port 8080) and do this
printf 'GET : HTTP/1.0\r\n\r\n' | nc localhost 8080
Should we turn this into Puma::HttpParserError
?
Since getsentry/sentry-ruby#2026 I'm too well aware of these (but I don't want to exclude URI::InvalidURIError
from my error reporting)
WEBrick 1.8.1 does log it
[2023-05-11 23:52:31] ERROR bad URI `:/'.
127.0.0.1 - - [11/May/2023:23:52:31 CEST] "GET :/ HTTP/1.0" 400 270
- -> :/
SimpleHTTP/0.6 Python/3.10.6
just returns 404
$ python -m http.server 8080
Serving HTTP on :: port 8080 (http://[::]:8080/) ...
::ffff:127.0.0.1 - - [12/May/2023 00:08:21] code 404, message File not found
::ffff:127.0.0.1 - - [12/May/2023 00:08:21] "GET : HTTP/1.0" 404 -
Should we turn this into
Puma::HttpParserError
?
Makes sense, should the log include URI::InvalidURIError
as text?
While working on the 'valid HTTP methods' problem, the delineation between 'error logging' and 'request logging' seemed a bit unclear as to overlap...
After we rescue, it looks like the Webrick behavior is correct: RFC 7230
Recipients of an invalid request-line SHOULD respond with either a
400 (Bad Request) error or a 301 (Moved Permanently) redirect with
the request-target properly encoded.
ParserError makes sense.
To summarize,
- Using @dentarg's original test case...
- ... Puma should raise and internally rescue HTTPParserError, log that this occurred, and return 400.