Do not require :authority pseudo header (#212)

Motivation: According to the HTTP/3 spec, "this pseudo-header field MUST be omitted when translating from an HTTP/1.1 request that has a request target in a method-specific form". Before this change, `Http3HeadersSink` would error when the :authority is missing. Modification: Make `Http3HeadersSink` accept the case where `:authority` is missing for `OPTIONS *`. Result: `Http3HeadersSink` follows spec. --------- Co-authored-by: Norman Maurer <[email protected]>
netty · Jan 18, 2024 · 2f06edb · 2f06edb
1 parent 8dec344
commit 2f06edb
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 0 deletions.
diff --git a/src/main/java/io/netty/incubator/codec/http3/Http3HeadersSink.java b/src/main/java/io/netty/incubator/codec/http3/Http3HeadersSink.java
@@ -81,6 +81,23 @@ void finish() throws Http3HeadersValidationException, Http3Exception {
                         // There can't be any duplicates for pseudy header names.
                         throw new Http3HeadersValidationException("Not all mandatory pseudo-headers included.");
                     }
+                } else if (HttpMethod.OPTIONS.asciiName().contentEqualsIgnoreCase(method)) {
+                    // See:
+                    //
+                    // https://www.rfc-editor.org/rfc/rfc9114.html#section-4.3.1
+                    // https://www.rfc-editor.org/rfc/rfc9110#section-7.1
+                    // - :method
+                    // - :scheme
+                    // - :authority
+                    // - :path
+                    if (pseudoHeadersCount != 4 &&
+                            // - :method
+                            // - :scheme
+                            // - :path
+                            !(pseudoHeadersCount == 3 && headers.authority() == null &&
+                                    "*".contentEquals(headers.path()))) {
+                        throw new Http3HeadersValidationException("Not all mandatory pseudo-headers included.");
+                    }
                 } else {
                     // For requests we must include:
                     // - :method

diff --git a/src/test/java/io/netty/incubator/codec/http3/Http3HeadersSinkTest.java b/src/test/java/io/netty/incubator/codec/http3/Http3HeadersSinkTest.java
@@ -133,6 +133,24 @@ public void testTrailersWithResponsePseudoHeaders() {
         assertThrows(Http3HeadersValidationException.class, () -> sink.finish());
     }
 
+    @Test
+    public void testAuthorityNotRequiredForOptionsWildcard() throws Http3Exception {
+        Http3HeadersSink sink = new Http3HeadersSink(new DefaultHttp3Headers(), 512, true, false);
+        sink.accept(Http3Headers.PseudoHeaderName.METHOD.value(), "OPTIONS");
+        sink.accept(Http3Headers.PseudoHeaderName.PATH.value(), "*");
+        sink.accept(Http3Headers.PseudoHeaderName.SCHEME.value(), "https");
+        sink.finish();
+    }
+
+    @Test
+    public void testAuthorityRequiredForOptionsNonWildcard() throws Http3Exception {
+        Http3HeadersSink sink = new Http3HeadersSink(new DefaultHttp3Headers(), 512, true, false);
+        sink.accept(Http3Headers.PseudoHeaderName.METHOD.value(), "OPTIONS");
+        sink.accept(Http3Headers.PseudoHeaderName.PATH.value(), "/something");
+        sink.accept(Http3Headers.PseudoHeaderName.SCHEME.value(), "https");
+        assertThrows(Http3HeadersValidationException.class, () -> sink.finish());
+    }
+
     private static void addMandatoryPseudoHeaders(Http3HeadersSink sink, boolean req) {
         if (req) {
             sink.accept(Http3Headers.PseudoHeaderName.METHOD.value(), "GET");