http_proto icon indicating copy to clipboard operation
http_proto copied to clipboard
verified publisher icon cppalliance

Parser should preserve trailing headers in chunked HTTP messages

Open ashtum opened this issue 3 months ago • 3 comments

Currently, we are discarding trailing headers. We need to provide an interface that gives access to these fields once the message is completely received. Additionally, we must be cautious of potential header smuggling attacks in this context.

ashtum avatar Oct 04 '25 17:10 ashtum

what if the user wants to access the original header fields when they look at the trailers? by that time, the parser's internal buffer no longer has the data.... what to do?

vinniefalco avatar Oct 10 '25 00:10 vinniefalco

what if the user wants to access the original header fields when they look at the trailers? by that time, the parser's internal buffer no longer has the data.... what to do?

parser keeps the original header intact during body processing even when the whole message is completely received. It is the call to parser::start() that clears it.

ashtum avatar Oct 10 '25 05:10 ashtum

no shit! That's pretty cool. We might consider offering a way for the user to say "I dont need the header anymore" to make that space available for body work.

vinniefalco avatar Oct 10 '25 15:10 vinniefalco