The client now has an option to allow parsing responses with obsolete line folding in headers. The option is off by default, since the spec recommends to reject such things if you can.
An HTTP/2 stream may include a set of headers, and a flag signalling
END-STREAM, even if a `content-length` isn't included. hyper wouldn't
notice, and so the `Body` would report a size-hint of `0..MAX`. hyper
now notices that the stream is ended, and couldn't possibly include any
bytes for the body, and thus will give a size-hint of `0` exactly.
According to rfc2616#section-14.20 the header value is case-insensitive. Certain clients send the expectation as `100-Continue` and this should be handled by the server.
Closes#2708
Adds `Server::http1_header_read_timeout(Duration)`. Setting a duration will determine how long a client has to finish sending all the request headers before trigger a timeout test. This can help reduce resource usage when bad actors open connections without sending full requests.
Closes#2457
The HTTP/1 content-length parser would accept lengths that were prefixed
with a plus sign (for example, `+1234`). The specification restricts the
content-length header to only allow DIGITs, making such a content-length
illegal. Since some HTTP implementations protect against that, and
others mis-interpret the length when the plus sign is present, this
fixes hyper to always reject such content lengths.
See GHSA-f3pg-qwvg-p99c
The HTTP/1 chunked decoder, when decoding the size of a chunk, could
overflow the size if the hex digits were too large. This fixes it by
adding an overflow check in the decoder.
See GHSA-5h46-h7hh-c6x9
The discussion in #2462 opened up some larger questions about more comprehensive approaches to the
error API, with the agreement that additional methods would be desirable in the short term. These
methods address an immediate need of our customers, so I would like to get them in first before we
flesh out a future solution.
One potentially controversial choice here is to still return `true` from `is_parse_error()` for
these variants. I hope the naming of the methods make it clear that the new predicates are
refinements of the existing one, but I didn't want to change the behavior of `is_parse_error()`
which would require a major version bump.
Previously, hyper returned an "Invalid chunk end CR" error on chunked
responses with trailers, as described in RFC 7230 Section 4.1.2. This
commit adds code to ignore the trailers.
Closes#2171
cc #2251
BREAKING CHANGE: This puts all HTTP/1 methods and support behind an
`http1` cargo feature, which will not be enabled by default. To use
HTTP/1, add `features = ["http1"]` to the hyper dependency in your
`Cargo.toml`.
This adds HTTP2 keep-alive support to client and server connections
based losely on GRPC keep-alive. When enabled, after no data has been
received for some configured interval, an HTTP2 PING frame is sent. If
the PING is not acknowledged with a configured timeout, the connection
is closed.
Clients have an additional option to enable keep-alive while the
connection is otherwise idle. When disabled, keep-alive PINGs are only
used while there are open request/response streams. If enabled, PINGs
are sent even when there are no active streams.
For now, since these features use `tokio::time::Delay`, the `runtime`
cargo feature is required to use them.
- Renamed `keep_alive_timeout` to `pool_idle_timeout`.
- Renamed `max_idle_per_host` to `pool_max_idle_per_host`.
- Deprecated `keep_alive(bool)` due to confusing name. To disable the
connection pool, call `pool_max_idle_per_host(0)`.
Before, if a client request included an `Expect: 100-continue` header,
the `100 Continue` response was sent immediately. However, this is
problematic if the service is going to reply with some 4xx status code
and reject the body.
This change delays the automatic sending of the `100 Continue` status
until the service has call `poll_data` on the request body once.
When the body type of a `Request` or `Response` implements `HttpBody`,
the `Request` or `Response` itself now implements `HttpBody`.
This allows writing things like `hyper::body::aggregate(req)` instead of
`hyper::body::aggregate(req.into_body())`.
Closes#2067
Adds utility functions to `hyper::body` to help asynchronously
collecting all the buffers of some `HttpBody` into one.
- `aggregate` will collect all into an `impl Buf` without copying the
contents. This is ideal if you don't need a contiguous buffer.
- `to_bytes` will copy all the data into a single contiguous `Bytes`
buffer.
Instead of returning a tuple `(impl AsyncRead + AsyncWrite, Connected)`,
this adds a new trait, `hyper::client::connect::Connection`, which
allows querying the connection type for a `Connected`.
BREAKING CHANGE: Connectors no longer return a tuple of
`(T, Connected)`, but a single `T: Connection`.
Closes#1903
BREAKING CHANGE: The `Resolve` trait is gone. All custom resolves should
implement `tower::Service` instead.
The error type of `HttpConnector` has been changed away from
`std::io::Error`.
The `Connect` trait is now essentially an alias for
`Service<Destination>`, with a blanket implementation as such, and is
sealed.
Closes#1902
BREAKING CHANGE: Any manual implementations of `Connect` must instead
implement `tower::Service<Destination>`.
