You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Log FINE io.helidon.webserver.http1.Http1Connection: io.helidon.http.RequestException: Invalid protocol and/or version
Return 400 Bad Request
Event though this is functionally correct, as we do not support HTTP/1.0, it may be better to do a bit more:
Log (still in FINE, must not use any level above it): "Unsupported protocol: HTTP/1.0" - make sure the text taken from the request is clean, as it is user provided, so it may contain attempts to attack us (there are already tools for that, see header validation)
Return 505 HTTP Version Not Supported for the case we get any other version than 1.1 for HTTP, sending a descriptive message in the entity (i.e. HTTP/1.0 is not supported, please use HTTP/1.1 or something similar) (again make sure the returned value is a valid string)
Currently we:
FINE io.helidon.webserver.http1.Http1Connection: io.helidon.http.RequestException: Invalid protocol and/or version400 Bad RequestEvent though this is functionally correct, as we do not support HTTP/1.0, it may be better to do a bit more:
FINE, must not use any level above it): "Unsupported protocol: HTTP/1.0" - make sure the text taken from the request is clean, as it is user provided, so it may contain attempts to attack us (there are already tools for that, see header validation)505 HTTP Version Not Supportedfor the case we get any other version than1.1for HTTP, sending a descriptive message in the entity (i.e. HTTP/1.0 is not supported, please use HTTP/1.1 or something similar) (again make sure the returned value is a valid string)This is a follow up for #9604
The text was updated successfully, but these errors were encountered: