mirror
/
nginx
mirror of https://github.com/nginx/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CONNECT method support for HTTP/1.1. 

The change allows modules to use the CONNECT method with HTTP/1.1 requests.
To do so, they need to set the "allow_connect" flag in the core server
configuration.
This commit is contained in:
Roman Arutyunyan 2025-09-23 15:03:52 +04:00 committed by Roman Arutyunyan
parent c8c7beb96f
commit 42ca3a4576
4 changed files with 50 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/http/modules/ngx_http_chunked_filter_module.c
View File

@ -66,7 +66,9 @@ ngx_http_chunked_header_filter(ngx_http_request_t *r)
|| r->headers_out.status == NGX_HTTP_NO_CONTENT || r->headers_out.status == NGX_HTTP_NO_CONTENT
|| r->headers_out.status < NGX_HTTP_OK || r->headers_out.status < NGX_HTTP_OK
|| r != r->main || r != r->main
|| r->method == NGX_HTTP_HEAD) || r->method == NGX_HTTP_HEAD
|| (r->method == NGX_HTTP_CONNECT
&& r->headers_out.status < NGX_HTTP_SPECIAL_RESPONSE))
{ {
return ngx_http_next_header_filter(r); return ngx_http_next_header_filter(r);
} }

1
src/http/ngx_http_core_module.h
View File

@ -206,6 +206,7 @@ typedef struct {
#if (NGX_PCRE) #if (NGX_PCRE)
unsigned captures:1; unsigned captures:1;
#endif #endif
unsigned allow_connect:1;
ngx_http_core_loc_conf_t **named_locations; ngx_http_core_loc_conf_t **named_locations;
} ngx_http_core_srv_conf_t; } ngx_http_core_srv_conf_t;

40
src/http/ngx_http_parse.c
View File

@ -111,6 +111,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
sw_schema, sw_schema,
sw_schema_slash, sw_schema_slash,
sw_schema_slash_slash, sw_schema_slash_slash,
sw_spaces_before_host,
sw_host_start, sw_host_start,
sw_host, sw_host,
sw_host_end, sw_host_end,
@ -158,6 +159,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
if (ch == ' ') { if (ch == ' ') {
r->method_end = p - 1; r->method_end = p - 1;
m = r->request_start; m = r->request_start;
state = sw_spaces_before_uri;
switch (p - m) { switch (p - m) {
@ -247,6 +249,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
if (ngx_str7_cmp(m, 'C', 'O', 'N', 'N', 'E', 'C', 'T', ' ')) if (ngx_str7_cmp(m, 'C', 'O', 'N', 'N', 'E', 'C', 'T', ' '))
{ {
r->method = NGX_HTTP_CONNECT; r->method = NGX_HTTP_CONNECT;
state = sw_spaces_before_host;
} }
break; break;
@ -269,7 +272,6 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
break; break;
} }
state = sw_spaces_before_uri;
break; break;
} }
@ -345,6 +347,14 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
} }
break; break;
case sw_spaces_before_host:
if (ch == ' ') {
break;
}
/* fall through */
case sw_host_start: case sw_host_start:
r->host_start = p; r->host_start = p;
@ -375,6 +385,15 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
r->host_end = p; r->host_end = p;
if (r->method == NGX_HTTP_CONNECT) {
if (ch == ':') {
state = sw_port;
break;
}
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
switch (ch) { switch (ch) {
case ':': case ':':
state = sw_port; state = sw_port;
@ -454,6 +473,15 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
break; break;
} }
if (r->method == NGX_HTTP_CONNECT) {
if (ch == ' ') {
state = sw_http_09;
break;
}
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
switch (ch) { switch (ch) {
case '/': case '/':
r->uri_start = p; r->uri_start = p;
@ -689,6 +717,16 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
case sw_http_HTTP: case sw_http_HTTP:
switch (ch) { switch (ch) {
case '/': case '/':
/*
* use single "/" from request line to preserve pointers,
* if request line will be copied to large client buffer
*/
if (r->method == NGX_HTTP_CONNECT) {
r->uri_start = p;
r->uri_end = p + 1;
}
state = sw_first_major_digit; state = sw_first_major_digit;
break; break;
default: default:

8
src/http/ngx_http_request.c
View File

@ -1997,6 +1997,8 @@ ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
static ngx_int_t static ngx_int_t
ngx_http_process_request_header(ngx_http_request_t *r) ngx_http_process_request_header(ngx_http_request_t *r)
{ {
ngx_http_core_srv_conf_t *cscf;
if (r->headers_in.server.len == 0 if (r->headers_in.server.len == 0
&& ngx_http_set_virtual_server(r, &r->headers_in.server) && ngx_http_set_virtual_server(r, &r->headers_in.server)
== NGX_ERROR) == NGX_ERROR)
@ -2065,7 +2067,11 @@ ngx_http_process_request_header(ngx_http_request_t *r)
} }
} }
if (r->method == NGX_HTTP_CONNECT) { cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
if (r->method == NGX_HTTP_CONNECT
&& (r->http_version != NGX_HTTP_VERSION_11 || !cscf->allow_connect))
{
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
"client sent CONNECT method"); "client sent CONNECT method");
ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED); ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);