Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize UTF8 characters from headers #1674

Merged
merged 1 commit into from
Sep 15, 2017
Merged

Sanitize UTF8 characters from headers #1674

merged 1 commit into from
Sep 15, 2017

Conversation

jmhooper
Copy link
Member

Why: Rack encodes headers into 8 bit ASCII which results in encoding
compatibility errors further down the stack when the app tries to
manipulate them. This commit encodes the headers and replaces
incompatible characters with ? characters so the headers do not cause
the app to respond with 500s.

zachmargolis
zachmargolis approved these changes Sep 14, 2017
View reviewed changes
Copy link
Contributor

@zachmargolis zachmargolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jmhooper jmhooper force-pushed the jmhooper-header-encoding branch from 7c00e17 to f58943f Compare September 14, 2017 23:04
zachmargolis
zachmargolis reviewed Sep 15, 2017
View reviewed changes
spec/requests/headers_spec.rb Outdated
@@ -24,4 +24,10 @@

expect(response.code.to_i).to eq(404)
end

it 'handles headers that are not ASCII encodable' do
get root_path, headers: { 'Host' => '¿/?' }
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this might be the wrong header to test because we delete the entire header?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed up this spec so that it doesn't use the Host header. Mind taking another look?

zachmargolis
zachmargolis approved these changes Sep 15, 2017
View reviewed changes
Copy link
Contributor

@zachmargolis zachmargolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for fixing

@jmhooper jmhooper force-pushed the jmhooper-header-encoding branch from 289d3de to 759f522 Compare September 15, 2017 19:11
@jmhooper
Sanitize UTF8 characters from headers
759f522 
**Why**: Rack encodes headers into 8 bit ASCII which results in encoding
compadibility errors futher down the stack when the app tries to
manipulate them. This commit encodes the headers and replaces
incompatible characters with `?` characters so the headers do not cause
the app to respond with 500s.
@jmhooper jmhooper merged commit 1fcbf66 into master Sep 15, 2017
@jmhooper jmhooper deleted the jmhooper-header-encoding branch December 12, 2017 20:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zachmargolis zachmargolis zachmargolis approved these changes

Assignees
No one assigned
Labels
status - ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmhooper @zachmargolis