Add a new extension type `hyper::ext::ReasonPhrase` gated by either the `ffi` or `http1` Cargo
features. When enabled, store any non-canonical reason phrases in this extension when parsing
responses, and write this reason phrase instead of the canonical reason phrase when emitting
responses.
Reason phrases are a disused corner of the spec that implementations ought to treat as opaque blobs
of bytes. Unfortunately, real-world traffic sometimes does depend on being able to inspect and
manipulate them.
Non-canonical reason phrases are checked for validity at runtime to prevent invalid and dangerous
characters from being emitted when writing responses. An `unsafe` escape hatch is present for hyper
itself to create reason phrases that have been parsed (and therefore implicitly validated) by
httparse.
An HTTP/2 stream may include a set of headers, and a flag signalling
END-STREAM, even if a `content-length` isn't included. hyper wouldn't
notice, and so the `Body` would report a size-hint of `0..MAX`. hyper
now notices that the stream is ended, and couldn't possibly include any
bytes for the body, and thus will give a size-hint of `0` exactly.
According to rfc2616#section-14.20 the header value is case-insensitive. Certain clients send the expectation as `100-Continue` and this should be handled by the server.
Closes#2708
Adds `Server::http1_header_read_timeout(Duration)`. Setting a duration will determine how long a client has to finish sending all the request headers before trigger a timeout test. This can help reduce resource usage when bad actors open connections without sending full requests.
Closes#2457
The HTTP/1 content-length parser would accept lengths that were prefixed
with a plus sign (for example, `+1234`). The specification restricts the
content-length header to only allow DIGITs, making such a content-length
illegal. Since some HTTP implementations protect against that, and
others mis-interpret the length when the plus sign is present, this
fixes hyper to always reject such content lengths.
See GHSA-f3pg-qwvg-p99c
The HTTP/1 chunked decoder, when decoding the size of a chunk, could
overflow the size if the hex digits were too large. This fixes it by
adding an overflow check in the decoder.
See GHSA-5h46-h7hh-c6x9
cc #2251
BREAKING CHANGE: This puts all HTTP/1 methods and support behind an
`http1` cargo feature, which will not be enabled by default. To use
HTTP/1, add `features = ["http1"]` to the hyper dependency in your
`Cargo.toml`.
This adds HTTP2 keep-alive support to client and server connections
based losely on GRPC keep-alive. When enabled, after no data has been
received for some configured interval, an HTTP2 PING frame is sent. If
the PING is not acknowledged with a configured timeout, the connection
is closed.
Clients have an additional option to enable keep-alive while the
connection is otherwise idle. When disabled, keep-alive PINGs are only
used while there are open request/response streams. If enabled, PINGs
are sent even when there are no active streams.
For now, since these features use `tokio::time::Delay`, the `runtime`
cargo feature is required to use them.
Before, if a client request included an `Expect: 100-continue` header,
the `100 Continue` response was sent immediately. However, this is
problematic if the service is going to reply with some 4xx status code
and reject the body.
This change delays the automatic sending of the `100 Continue` status
until the service has call `poll_data` on the request body once.
When the body type of a `Request` or `Response` implements `HttpBody`,
the `Request` or `Response` itself now implements `HttpBody`.
This allows writing things like `hyper::body::aggregate(req)` instead of
`hyper::body::aggregate(req.into_body())`.
Closes#2067
Instead of returning a tuple `(impl AsyncRead + AsyncWrite, Connected)`,
this adds a new trait, `hyper::client::connect::Connection`, which
allows querying the connection type for a `Connected`.
BREAKING CHANGE: Connectors no longer return a tuple of
`(T, Connected)`, but a single `T: Connection`.
Detecting a read hangup is a useful way to determine that a connection
has closed. It's also possible that a client shuts down its read half
without closing the connection, but this is rarer. Thus, by default,
hyper will now assume a read EOF means the connection has closed.
BREAKING CHANGE: The server's behavior will now by default close
connections when receiving a read EOF. To allow for clients to close
the read half, call `http1_half_close(true)` when configuring a
server.
The previous version is renamed to `try_send_data`.
BREAKING CHANGE: Usage of `send_data` should either be changed to
async/await or use `try_send_data`.
These tests were temporarily disabled during the migration to the
`std::future::Future` type that's part of the stable Rust now.
This commit updates the tests after the breaking changes and makes them
pass again.
The `Error::source()` is searched for an `h2::Error` to allow sending
different error codes in the GOAWAY. If none is found, it defaults to
`INTERNAL_ERROR`.
This option determines whether a read EOF should close the connection
automatically. The behavior was to always allow read EOF while waiting
to respond, so this option has a default of `true`.
Setting this option to `false` will allow Service futures to be canceled
as soon as disconnect is noticed.
Closes#1716
