summaryrefslogtreecommitdiffstats
path: root/src/network/access/qhttpheaderparser_p.h
diff options
context:
space:
mode:
Diffstat (limited to 'src/network/access/qhttpheaderparser_p.h')
-rw-r--r--src/network/access/qhttpheaderparser_p.h87
1 files changed, 42 insertions, 45 deletions
diff --git a/src/network/access/qhttpheaderparser_p.h b/src/network/access/qhttpheaderparser_p.h
index cc8b91c84f..5e8f3c8130 100644
--- a/src/network/access/qhttpheaderparser_p.h
+++ b/src/network/access/qhttpheaderparser_p.h
@@ -1,41 +1,5 @@
-/****************************************************************************
-**
-** Copyright (C) 2021 The Qt Company Ltd.
-** Contact: https://www.qt.io/licensing/
-**
-** This file is part of the QtNetwork module of the Qt Toolkit.
-**
-** $QT_BEGIN_LICENSE:LGPL$
-** Commercial License Usage
-** Licensees holding valid commercial Qt licenses may use this file in
-** accordance with the commercial license agreement provided with the
-** Software or, alternatively, in accordance with the terms contained in
-** a written agreement between you and The Qt Company. For licensing terms
-** and conditions see https://www.qt.io/terms-conditions. For further
-** information use the contact form at https://www.qt.io/contact-us.
-**
-** GNU Lesser General Public License Usage
-** Alternatively, this file may be used under the terms of the GNU Lesser
-** General Public License version 3 as published by the Free Software
-** Foundation and appearing in the file LICENSE.LGPL3 included in the
-** packaging of this file. Please review the following information to
-** ensure the GNU Lesser General Public License version 3 requirements
-** will be met: https://www.gnu.org/licenses/lgpl-3.0.html.
-**
-** GNU General Public License Usage
-** Alternatively, this file may be used under the terms of the GNU
-** General Public License version 2.0 or (at your option) the GNU General
-** Public license version 3 or any later version approved by the KDE Free
-** Qt Foundation. The licenses are as published by the Free Software
-** Foundation and appearing in the file LICENSE.GPL2 and LICENSE.GPL3
-** included in the packaging of this file. Please review the following
-** information to ensure the GNU General Public License requirements will
-** be met: https://www.gnu.org/licenses/gpl-2.0.html and
-** https://www.gnu.org/licenses/gpl-3.0.html.
-**
-** $QT_END_LICENSE$
-**
-****************************************************************************/
+// Copyright (C) 2022 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
#ifndef QHTTPHEADERPARSER_H
#define QHTTPHEADERPARSER_H
@@ -52,6 +16,7 @@
//
#include <QtNetwork/private/qtnetworkglobal_p.h>
+#include <QtNetwork/qhttpheaders.h>
#include <QByteArray>
#include <QList>
@@ -60,7 +25,26 @@
QT_BEGIN_NAMESPACE
-class Q_NETWORK_PRIVATE_EXPORT QHttpHeaderParser
+namespace HeaderConstants {
+
+// We previously used 8K, which is common on server side, but it turned out to
+// not be enough for various uses. Historically Firefox used 10K as the limit of
+// a single field, but some Location headers and Authorization challenges can
+// get even longer. Other browsers, such as Chrome, instead have a limit on the
+// total size of all the headers (as well as extra limits on some of the
+// individual fields). We'll use 100K as our default limit, which would be a ridiculously large
+// header, with the possibility to override it where we need to.
+static constexpr int MAX_HEADER_FIELD_SIZE = 100 * 1024;
+// Taken from http://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields
+static constexpr int MAX_HEADER_FIELDS = 100;
+// Chromium has a limit on the total size of the header set to 256KB,
+// which is a reasonable default for QNetworkAccessManager.
+// https://stackoverflow.com/a/3436155
+static constexpr int MAX_TOTAL_HEADER_SIZE = 256 * 1024;
+
+}
+
+class Q_NETWORK_EXPORT QHttpHeaderParser
{
public:
QHttpHeaderParser();
@@ -69,7 +53,7 @@ public:
bool parseHeaders(QByteArrayView headers);
bool parseStatus(QByteArrayView status);
- const QList<QPair<QByteArray, QByteArray> >& headers() const;
+ const QHttpHeaders& headers() const;
void setStatusCode(int code);
int getStatusCode() const;
int getMajorVersion() const;
@@ -79,23 +63,36 @@ public:
QString getReasonPhrase() const;
void setReasonPhrase(const QString &reason);
- QByteArray firstHeaderField(const QByteArray &name,
+ QByteArray firstHeaderField(QByteArrayView name,
const QByteArray &defaultValue = QByteArray()) const;
- QByteArray combinedHeaderValue(const QByteArray &name,
+ QByteArray combinedHeaderValue(QByteArrayView name,
const QByteArray &defaultValue = QByteArray()) const;
- QList<QByteArray> headerFieldValues(const QByteArray &name) const;
+ QList<QByteArray> headerFieldValues(QByteArrayView name) const;
void setHeaderField(const QByteArray &name, const QByteArray &data);
void prependHeaderField(const QByteArray &name, const QByteArray &data);
void appendHeaderField(const QByteArray &name, const QByteArray &data);
- void removeHeaderField(const QByteArray &name);
+ void removeHeaderField(QByteArrayView name);
void clearHeaders();
+ void setMaxHeaderFieldSize(qsizetype size) { maxFieldSize = size; }
+ qsizetype maxHeaderFieldSize() const { return maxFieldSize; }
+
+ void setMaxTotalHeaderSize(qsizetype size) { maxTotalSize = size; }
+ qsizetype maxTotalHeaderSize() const { return maxTotalSize; }
+
+ void setMaxHeaderFields(qsizetype count) { maxFieldCount = count; }
+ qsizetype maxHeaderFields() const { return maxFieldCount; }
+
private:
- QList<QPair<QByteArray, QByteArray> > fields;
+ QHttpHeaders fields;
QString reasonPhrase;
int statusCode;
int majorVersion;
int minorVersion;
+
+ qsizetype maxFieldSize = HeaderConstants::MAX_HEADER_FIELD_SIZE;
+ qsizetype maxTotalSize = HeaderConstants::MAX_TOTAL_HEADER_SIZE;
+ qsizetype maxFieldCount = HeaderConstants::MAX_HEADER_FIELDS;
};