actix/actix-web
1
0
Fork 0
mirror of https://github.com/fafhrd91/actix-web synced 2025-05-19 07:23:17 +02:00
Code Issues Releases Wiki Activity

feat: do not use host header on http2 for guard (#3525)

Browse Source 
* feat(guard): do not use host header on http2 for guard

* docs: update changelog

---------

Co-authored-by: Rob Ede <robjtede@icloud.com>
This commit is contained in:
Joel Wurtz 2025-05-10 04:42:00 +02:00 committed by GitHub
parent 079400a72b
commit 3147aaccc7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
actix-web/CHANGES.md
View File

@ -6,6 +6,7 @@
- Improve handling of non-UTF-8 header values in `Logger` middleware. - Improve handling of non-UTF-8 header values in `Logger` middleware.
- Add `HttpServer::shutdown_signal()` method. - Add `HttpServer::shutdown_signal()` method.
- Mark `HttpServer` as `#[must_use]`. - Mark `HttpServer` as `#[must_use]`.
- Ignore `Host` header in `Host` guard when connection protocol is HTTP/2.
- Re-export `mime` dependency. - Re-export `mime` dependency.
- Update `brotli` dependency to `8`. - Update `brotli` dependency to `8`.

35
actix-web/src/guard/host.rs
View File

@ -1,4 +1,4 @@
use actix_http::{header, uri::Uri, RequestHead}; use actix_http::{header, uri::Uri, RequestHead, Version};
use super::{Guard, GuardContext}; use super::{Guard, GuardContext};
@ -66,6 +66,7 @@ fn get_host_uri(req: &RequestHead) -> Option<Uri> {
req.headers req.headers
.get(header::HOST) .get(header::HOST)
.and_then(|host_value| host_value.to_str().ok()) .and_then(|host_value| host_value.to_str().ok())
.filter(|_| req.version < Version::HTTP_2)
.or_else(|| req.uri.host()) .or_else(|| req.uri.host())
.and_then(|host| host.parse().ok()) .and_then(|host| host.parse().ok())
} }
@ -123,6 +124,38 @@ mod tests {
use super::*; use super::*;
use crate::test::TestRequest; use crate::test::TestRequest;
#[test]
fn host_not_from_header_if_http2() {
let req = TestRequest::default()
.uri("www.rust-lang.org")
.insert_header((
header::HOST,
header::HeaderValue::from_static("www.example.com"),
))
.to_srv_request();
let host = Host("www.example.com");
assert!(host.check(&req.guard_ctx()));
let host = Host("www.rust-lang.org");
assert!(!host.check(&req.guard_ctx()));
let req = TestRequest::default()
.version(actix_http::Version::HTTP_2)
.uri("www.rust-lang.org")
.insert_header((
header::HOST,
header::HeaderValue::from_static("www.example.com"),
))
.to_srv_request();
let host = Host("www.example.com");
assert!(!host.check(&req.guard_ctx()));
let host = Host("www.rust-lang.org");
assert!(host.check(&req.guard_ctx()));
}
#[test] #[test]
fn host_from_header() { fn host_from_header() {
let req = TestRequest::default() let req = TestRequest::default()