From f38272f18fcdafd9c2cc9cd35d1165e5d527152d Mon Sep 17 00:00:00 2001 From: Tobias Thierer Date: Fri, 9 Sep 2016 13:09:25 +0100 Subject: Apply upstream commit: Allow HTAB in header values. This applies upstream commit 02b08fbde7b1726d7a4c0dc971152751ac82ca0a Due to deviation between upstream and AOSP, the change was applied manually. RFC 7230 section 3.2 allows HTAB ('\t', '\u0009') inside header values as long as there is not more than one in a row: https://tools.ietf.org/html/rfc7230#section-3.2 Before this CL, OkHttp previously disallowed HTAB in header values. This CL changes behavior to allow any number of consecutive HTABs inside a header value; this is more permissive than the RFC, but is consistent with how OkHttp currently treats space characters (' ', '\u0020'). Bug: 30799514 Test: run cts -m CtsLibcoreTestCases Test: run cts -m CtsLibcoreOkHttpTestCases Change-Id: I0dd68d1697affaf739167174970d52e466a2bc16 (cherry picked from commit 1917ec9635dea723538ea000b67b105999e58710) --- .../src/test/java/com/squareup/okhttp/RequestTest.java | 11 ++++++++++- .../java/com/squareup/okhttp/internal/http/HeadersTest.java | 2 ++ okhttp/src/main/java/com/squareup/okhttp/Headers.java | 4 ++-- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java index 47c6010..3b31cc8 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/RequestTest.java @@ -174,6 +174,16 @@ public final class RequestTest { } } + @Test public void headerAllowsTabOnlyInValues() throws Exception { + Request.Builder builder = new Request.Builder(); + builder.header("key", "sample\tvalue"); + try { + builder.header("sample\tkey", "value"); + fail(); + } catch (IllegalArgumentException expected) { + } + } + @Test public void headerForbidsControlCharacters() throws Exception { assertForbiddenHeader(null); assertForbiddenHeader("\u0000"); @@ -185,7 +195,6 @@ public final class RequestTest { assertForbiddenHeader("a\rb"); assertForbiddenHeader("\rb"); // End of Android modification. - assertForbiddenHeader("\t"); assertForbiddenHeader("\u001f"); assertForbiddenHeader("\u007f"); diff --git a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java index 1f5ad6d..e4938c1 100644 --- a/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java +++ b/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java @@ -155,10 +155,12 @@ public final class HeadersTest { .add("foo: bar") .add(" foo: baz") // Name leading whitespace is trimmed. .add("foo : bak") // Name trailing whitespace is trimmed. + .add("\tkey\t:\tvalue\t") // '\t' also counts as whitespace .add("ping: pong ") // Value whitespace is trimmed. .add("kit:kat") // Space after colon is not required. .build(); assertEquals(Arrays.asList("bar", "baz", "bak"), headers.values("foo")); + assertEquals(Arrays.asList("value"), headers.values("key")); assertEquals(Arrays.asList("pong"), headers.values("ping")); assertEquals(Arrays.asList("kat"), headers.values("kit")); } diff --git a/okhttp/src/main/java/com/squareup/okhttp/Headers.java b/okhttp/src/main/java/com/squareup/okhttp/Headers.java index d5b4cef..9e92555 100644 --- a/okhttp/src/main/java/com/squareup/okhttp/Headers.java +++ b/okhttp/src/main/java/com/squareup/okhttp/Headers.java @@ -307,8 +307,8 @@ public final class Headers { // ANDROID-BEGIN // http://b/28867041 - keep things working for apps that rely on Android's (out of spec) // UTF-8 header encoding behavior. - // if (c <= '\u001f' || c >= '\u007f') { - if (c <= '\u001f' || c == '\u007f') { + // if ((c <= '\u001f' && c != '\u0009' /* htab */) || c >= '\u007f') { + if ((c <= '\u001f' && c != '\u0009' /* htab */) || c == '\u007f') { // ANDROID-END throw new IllegalArgumentException(String.format( "Unexpected char %#04x at %d in header value: %s", (int) c, i, value)); -- cgit v1.2.3