async-h1
async-h1 copied to clipboard
http-rs
Asynchronous HTTP/1.1 in Rust
this is a mirror issue for https://github.com/http-rs/surf/issues/298 > surf will use an unbounded amount of memory if the server sends a single infinitely large header. surf has some DoS prevention...
Regarding the addition of a `sleep` to `accept_one`: This is used by the `test_accept_partial_read_sequential_requests` test to make it easier to reproduce the problem. Hopefully you agree that such a delay...
AIUI, the clone bound is required in the case where multiple requests are accepted over the same AsyncRead and to avoid having a lifetime bound on the `Request` type. I...
Example: - Client sends "Expect" header - Server begins writing response - Server reads from request body for the first time - Background task sends "100 Continue" response in the...
dates
we should copy the impl from here https://crates.io/crates/httpdate (or use as a dep, unsure which is better)
This PR represents all breaking changes for async-h1 v3. Please target any breaking change PRs on the v3 branch closes #152 closes #122
In most cases, we parse a url from host and path and then later on only use the path for routing. Holding two &str's on Request and only generating a...
According to the spec HTTP/1.1 must be able to handle [pipelined requests](https://en.wikipedia.org/wiki/HTTP_pipelining) on the server, even if it chooses never to initiate it or even send back pipelined responses. We...
As was pointed out [on Reddit](https://www.reddit.com/r/rust/comments/kfbrce/announce_asynch1_230_tide_requestsmuggling/gg82svm/?utm_source=reddit&utm_medium=web2x&context=3) during our `2.3.0` security release, prior art exists on guarding against desync (request smuggling) attacks. [http-desync-guardian](https://github.com/aws/http-desync-guardian) is a library which may be able to...
Currently our handling of HTTP/1.0 connections is rather blunt: we log an error and exit. We could do better by sending back a [426: Upgrade Required](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/426) header with an `Upgrade:...