diff options
Diffstat (limited to 'src/network/access/qhttpheaderparser_p.h')
-rw-r--r-- | src/network/access/qhttpheaderparser_p.h | 49 |
1 files changed, 41 insertions, 8 deletions
diff --git a/src/network/access/qhttpheaderparser_p.h b/src/network/access/qhttpheaderparser_p.h index 7b70b174bf..5e8f3c8130 100644 --- a/src/network/access/qhttpheaderparser_p.h +++ b/src/network/access/qhttpheaderparser_p.h @@ -1,4 +1,4 @@ -// Copyright (C) 2021 The Qt Company Ltd. +// Copyright (C) 2022 The Qt Company Ltd. // SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only #ifndef QHTTPHEADERPARSER_H @@ -16,6 +16,7 @@ // #include <QtNetwork/private/qtnetworkglobal_p.h> +#include <QtNetwork/qhttpheaders.h> #include <QByteArray> #include <QList> @@ -24,7 +25,26 @@ QT_BEGIN_NAMESPACE -class Q_NETWORK_PRIVATE_EXPORT QHttpHeaderParser +namespace HeaderConstants { + +// We previously used 8K, which is common on server side, but it turned out to +// not be enough for various uses. Historically Firefox used 10K as the limit of +// a single field, but some Location headers and Authorization challenges can +// get even longer. Other browsers, such as Chrome, instead have a limit on the +// total size of all the headers (as well as extra limits on some of the +// individual fields). We'll use 100K as our default limit, which would be a ridiculously large +// header, with the possibility to override it where we need to. +static constexpr int MAX_HEADER_FIELD_SIZE = 100 * 1024; +// Taken from http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields +static constexpr int MAX_HEADER_FIELDS = 100; +// Chromium has a limit on the total size of the header set to 256KB, +// which is a reasonable default for QNetworkAccessManager. +// https://stackoverflow.com/a/3436155 +static constexpr int MAX_TOTAL_HEADER_SIZE = 256 * 1024; + +} + +class Q_NETWORK_EXPORT QHttpHeaderParser { public: QHttpHeaderParser(); @@ -33,7 +53,7 @@ public: bool parseHeaders(QByteArrayView headers); bool parseStatus(QByteArrayView status); - const QList<QPair<QByteArray, QByteArray> >& headers() const; + const QHttpHeaders& headers() const; void setStatusCode(int code); int getStatusCode() const; int getMajorVersion() const; @@ -43,23 +63,36 @@ public: QString getReasonPhrase() const; void setReasonPhrase(const QString &reason); - QByteArray firstHeaderField(const QByteArray &name, + QByteArray firstHeaderField(QByteArrayView name, const QByteArray &defaultValue = QByteArray()) const; - QByteArray combinedHeaderValue(const QByteArray &name, + QByteArray combinedHeaderValue(QByteArrayView name, const QByteArray &defaultValue = QByteArray()) const; - QList<QByteArray> headerFieldValues(const QByteArray &name) const; + QList<QByteArray> headerFieldValues(QByteArrayView name) const; void setHeaderField(const QByteArray &name, const QByteArray &data); void prependHeaderField(const QByteArray &name, const QByteArray &data); void appendHeaderField(const QByteArray &name, const QByteArray &data); - void removeHeaderField(const QByteArray &name); + void removeHeaderField(QByteArrayView name); void clearHeaders(); + void setMaxHeaderFieldSize(qsizetype size) { maxFieldSize = size; } + qsizetype maxHeaderFieldSize() const { return maxFieldSize; } + + void setMaxTotalHeaderSize(qsizetype size) { maxTotalSize = size; } + qsizetype maxTotalHeaderSize() const { return maxTotalSize; } + + void setMaxHeaderFields(qsizetype count) { maxFieldCount = count; } + qsizetype maxHeaderFields() const { return maxFieldCount; } + private: - QList<QPair<QByteArray, QByteArray> > fields; + QHttpHeaders fields; QString reasonPhrase; int statusCode; int majorVersion; int minorVersion; + + qsizetype maxFieldSize = HeaderConstants::MAX_HEADER_FIELD_SIZE; + qsizetype maxTotalSize = HeaderConstants::MAX_TOTAL_HEADER_SIZE; + qsizetype maxFieldCount = HeaderConstants::MAX_HEADER_FIELDS; }; |