Fix DS not handling lowercase header keys

2025-04-07 04:42:49 +02:00 · 2018-03-16 14:18:42 -07:00 · 2018-03-16 14:18:42 -07:00 · 3a98cf284f
commit 3a98cf284f
parent 25b93d9fd7
3 changed files with 11 additions and 11 deletions
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@ -2209,7 +2209,7 @@ bool DomainServer::handleHTTPRequest(HTTPConnection* connection, const QUrl& url
            const QString ASSIGNMENT_INSTANCES_HEADER = "ASSIGNMENT-INSTANCES";
            const QString ASSIGNMENT_POOL_HEADER = "ASSIGNMENT-POOL";

-            QByteArray assignmentInstancesValue = connection->requestHeaders().value(ASSIGNMENT_INSTANCES_HEADER.toLocal8Bit());
+            QByteArray assignmentInstancesValue = connection->requestHeader(ASSIGNMENT_INSTANCES_HEADER.toLocal8Bit());

            int numInstances = 1;

@ -2221,7 +2221,7 @@ bool DomainServer::handleHTTPRequest(HTTPConnection* connection, const QUrl& url
            }

            QString assignmentPool = emptyPool;
-            QByteArray assignmentPoolValue = connection->requestHeaders().value(ASSIGNMENT_POOL_HEADER.toLocal8Bit());
+            QByteArray assignmentPoolValue = connection->requestHeader(ASSIGNMENT_POOL_HEADER.toLocal8Bit());

            if (!assignmentPoolValue.isEmpty()) {
                // specific pool requested, set that on the created assignment
@ -2619,7 +2619,7 @@ bool DomainServer::isAuthenticatedRequest(HTTPConnection* connection, const QUrl

    if (!_oauthProviderURL.isEmpty()
        && (adminUsersVariant.isValid() || adminRolesVariant.isValid())) {
-        QString cookieString = connection->requestHeaders().value(HTTP_COOKIE_HEADER_KEY);
+        QString cookieString = connection->requestHeader(HTTP_COOKIE_HEADER_KEY);

        const QString COOKIE_UUID_REGEX_STRING = HIFI_SESSION_COOKIE_KEY + "=([\\d\\w-]+)($|;)";
        QRegExp cookieUUIDRegex(COOKIE_UUID_REGEX_STRING);
@ -2664,7 +2664,7 @@ bool DomainServer::isAuthenticatedRequest(HTTPConnection* connection, const QUrl
            static const QByteArray REQUESTED_WITH_HEADER = "X-Requested-With";
            static const QString XML_REQUESTED_WITH = "XMLHttpRequest";

-            if (connection->requestHeaders().value(REQUESTED_WITH_HEADER) == XML_REQUESTED_WITH) {
+            if (connection->requestHeader(REQUESTED_WITH_HEADER) == XML_REQUESTED_WITH) {
                // unauthorized XHR requests get a 401 and not a 302, since there isn't an XHR
                // path to OAuth authorize
                connection->respond(HTTPConnection::StatusCode401, UNAUTHENTICATED_BODY);
@ -2695,7 +2695,7 @@ bool DomainServer::isAuthenticatedRequest(HTTPConnection* connection, const QUrl
        const QByteArray BASIC_AUTH_HEADER_KEY = "Authorization";

        // check if a username and password have been provided with the request
-        QString basicAuthString = connection->requestHeaders().value(BASIC_AUTH_HEADER_KEY);
+        QString basicAuthString = connection->requestHeader(BASIC_AUTH_HEADER_KEY);

        if (!basicAuthString.isEmpty()) {
            QStringList splitAuthString = basicAuthString.split(' ');
--- a/libraries/embedded-webserver/src/HTTPConnection.cpp
+++ b/libraries/embedded-webserver/src/HTTPConnection.cpp
@ -55,7 +55,7 @@ HTTPConnection::~HTTPConnection() {

 QHash<QString, QString> HTTPConnection::parseUrlEncodedForm() {
    // make sure we have the correct MIME type
-    QList<QByteArray> elements = _requestHeaders.value("Content-Type").split(';');
+    QList<QByteArray> elements = requestHeader("Content-Type").split(';');

    QString contentType = elements.at(0).trimmed();
    if (contentType != "application/x-www-form-urlencoded") {
@ -75,7 +75,7 @@ QHash<QString, QString> HTTPConnection::parseUrlEncodedForm() {

 QList<FormData> HTTPConnection::parseFormData() const {
    // make sure we have the correct MIME type
-    QList<QByteArray> elements = _requestHeaders.value("Content-Type").split(';');
+    QList<QByteArray> elements = requestHeader("Content-Type").split(';');

    QString contentType = elements.at(0).trimmed();

@ -251,7 +251,7 @@ void HTTPConnection::readHeaders() {
        if (trimmed.isEmpty()) {
            _socket->disconnect(this, SLOT(readHeaders()));

-            QByteArray clength = _requestHeaders.value("Content-Length");
+            QByteArray clength = _requestHeaders.value("content-length");
            if (clength.isEmpty()) {
                _parentManager->handleHTTPRequest(this, _requestUrl);

@ -275,7 +275,7 @@ void HTTPConnection::readHeaders() {
            respond("400 Bad Request", "The header was malformed.");
            return;
        }
-        _lastRequestHeader = trimmed.left(idx);
+        _lastRequestHeader = trimmed.left(idx).toLower();
        QByteArray& value = _requestHeaders[_lastRequestHeader];
        if (!value.isEmpty()) {
            value.append(", ");
--- a/libraries/embedded-webserver/src/HTTPConnection.h
+++ b/libraries/embedded-webserver/src/HTTPConnection.h
@ -72,8 +72,8 @@ public:
    /// Returns a reference to the request URL.
    const QUrl& requestUrl () const { return _requestUrl; }

-    /// Returns a reference to the request headers.
-    const Headers& requestHeaders () const { return _requestHeaders; }
+    /// Returns a copy of the request header value. If it does not exist, it will return a default constructed QByteArray.
+    QByteArray requestHeader(const QString& key) const { return _requestHeaders.value(key.toLower().toLocal8Bit()); }

    /// Returns a reference to the request content.
    const QByteArray& requestContent () const { return _requestContent; }