hyper icon indicating copy to clipboard operation
hyper copied to clipboard
verified publisher icon hyperium

First byte timeout

Open DFINITYManu opened this issue 2 years ago • 2 comments

We have in hyper a HTTP1 header read timeout (which is strangely not available for HTTP?) and this works great... if the client sends at least one byte (or a newline?).

If the client never sends a single byte, and just holds the connection open, the timeout never triggers.

I suggest we either make the timeout trigger even when no bytes have been sent (make the timer start ticking the minute serve_connection() is called) or we introduce another field explicitly for first byte timeout.

This will harden hyper servers against clients who attempt to open and hog connections open without any intention of sending any data.

DFINITYManu avatar Dec 01 '23 17:12 DFINITYManu

Yes, several have indicated that a separate timeout makes sense: https://github.com/hyperium/hyper/pull/3185#issuecomment-1728216663

seanmonstar avatar Dec 07 '23 16:12 seanmonstar