diff options
| author | Tobias Thierer <tobiast@google.com> | 2016-09-09 13:09:25 +0100 |
|---|---|---|
| committer | Tobias Thierer <tobiast@google.com> | 2016-09-12 13:13:29 +0100 |
| commit | f38272f18fcdafd9c2cc9cd35d1165e5d527152d (patch) | |
| tree | aee1888414fc424a40588309b33470cd983fc5c8 | |
| parent | da039605fac12ce27a4e9e07e3ace8d4a4108868 (diff) | |
| download | okhttp-nougat-mr1.3-release.tar.gz | |
Apply upstream commit: Allow HTAB in header values.android-cts_7.1_r1android-cts-7.1_r1android-7.1.1_r9android-7.1.1_r8android-7.1.1_r7android-7.1.1_r61android-7.1.1_r60android-7.1.1_r6android-7.1.1_r59android-7.1.1_r58android-7.1.1_r57android-7.1.1_r56android-7.1.1_r55android-7.1.1_r54android-7.1.1_r53android-7.1.1_r52android-7.1.1_r51android-7.1.1_r50android-7.1.1_r49android-7.1.1_r48android-7.1.1_r47android-7.1.1_r46android-7.1.1_r45android-7.1.1_r44android-7.1.1_r43android-7.1.1_r42android-7.1.1_r41android-7.1.1_r40android-7.1.1_r4android-7.1.1_r39android-7.1.1_r38android-7.1.1_r35android-7.1.1_r33android-7.1.1_r32android-7.1.1_r31android-7.1.1_r3android-7.1.1_r28android-7.1.1_r27android-7.1.1_r26android-7.1.1_r25android-7.1.1_r24android-7.1.1_r23android-7.1.1_r22android-7.1.1_r21android-7.1.1_r20android-7.1.1_r2android-7.1.1_r17android-7.1.1_r16android-7.1.1_r15android-7.1.1_r14android-7.1.1_r13android-7.1.1_r12android-7.1.1_r11android-7.1.1_r10android-7.1.1_r1nougat-mr1.8-releasenougat-mr1.7-releasenougat-mr1.6-releasenougat-mr1.5-releasenougat-mr1.4-releasenougat-mr1.3-releasenougat-mr1.2-releasenougat-mr1.1-releasenougat-mr1-volantis-releasenougat-mr1-security-releasenougat-mr1-releasenougat-mr1-flounder-releasenougat-mr1-dev
This applies upstream commit
02b08fbde7b1726d7a4c0dc971152751ac82ca0a
Due to deviation between upstream and AOSP, the change was applied
manually.
RFC 7230 section 3.2 allows HTAB ('\t', '\u0009') inside header
values as long as there is not more than one in a row:
https://tools.ietf.org/html/rfc7230#section-3.2
Before this CL, OkHttp previously disallowed HTAB in header values.
This CL changes behavior to allow any number of consecutive HTABs
inside a header value; this is more permissive than the RFC, but
is consistent with how OkHttp currently treats space characters
(' ', '\u0020').
Bug: 30799514
Test: run cts -m CtsLibcoreTestCases
Test: run cts -m CtsLibcoreOkHttpTestCases
Change-Id: I0dd68d1697affaf739167174970d52e466a2bc16
(cherry picked from commit 1917ec9635dea723538ea000b67b105999e58710)
3 files changed, 14 insertions, 3 deletions
diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java index 47c6010..3b31cc8 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java @@ -174,6 +174,16 @@ public final class RequestTest { } } + @Test public void headerAllowsTabOnlyInValues() throws Exception { + Request.Builder builder = new Request.Builder(); + builder.header("key", "sample\tvalue"); + try { + builder.header("sample\tkey", "value"); + fail(); + } catch (IllegalArgumentException expected) { + } + } + @Test public void headerForbidsControlCharacters() throws Exception { assertForbiddenHeader(null); assertForbiddenHeader("\u0000"); @@ -185,7 +195,6 @@ public final class RequestTest { assertForbiddenHeader("a\rb"); assertForbiddenHeader("\rb"); // End of Android modification. - assertForbiddenHeader("\t"); assertForbiddenHeader("\u001f"); assertForbiddenHeader("\u007f"); diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java index 1f5ad6d..e4938c1 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java @@ -155,10 +155,12 @@ public final class HeadersTest { .add("foo: bar") .add(" foo: baz") // Name leading whitespace is trimmed. .add("foo : bak") // Name trailing whitespace is trimmed. + .add("\tkey\t:\tvalue\t") // '\t' also counts as whitespace .add("ping: pong ") // Value whitespace is trimmed. .add("kit:kat") // Space after colon is not required. .build(); assertEquals(Arrays.asList("bar", "baz", "bak"), headers.values("foo")); + assertEquals(Arrays.asList("value"), headers.values("key")); assertEquals(Arrays.asList("pong"), headers.values("ping")); assertEquals(Arrays.asList("kat"), headers.values("kit")); } diff --git a/okhttp/src/main/java/com/squareup/okhttp/Headers.java b/okhttp/src/main/java/com/squareup/okhttp/Headers.java index d5b4cef..9e92555 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/Headers.java +++ b/okhttp/src/main/java/com/squareup/okhttp/Headers.java @@ -307,8 +307,8 @@ public final class Headers { // ANDROID-BEGIN // http://b/28867041 - keep things working for apps that rely on Android's (out of spec) // UTF-8 header encoding behavior. - // if (c <= '\u001f' || c >= '\u007f') { - if (c <= '\u001f' || c == '\u007f') { + // if ((c <= '\u001f' && c != '\u0009' /* htab */) || c >= '\u007f') { + if ((c <= '\u001f' && c != '\u0009' /* htab */) || c == '\u007f') { // ANDROID-END throw new IllegalArgumentException(String.format( "Unexpected char %#04x at %d in header value: %s", (int) c, i, value)); |