Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTP提前解析MultipartForm导致的问题 #2356

Open
fibbery opened this issue Nov 10, 2023 · 0 comments
Open

HTTP提前解析MultipartForm导致的问题 #2356

fibbery opened this issue Nov 10, 2023 · 0 comments

Comments

@fibbery
Copy link
Contributor

fibbery commented Nov 10, 2023

mosn/pkg/stream/http/stream.go

Line 512 in 9409ffa

err := request.ReadLimitBody(conn.br, maxRequestBodySize)

这里解析Http请求直接使用的fasthttp的ReadLimitBody方式,但是这存在一个问题,它这里默认提前对MultipartForm类型进行了body解析,如图:
image

这里稍微解析出错,可能会导致body解析的内容缺少,然后导致转发的时候缺少body内容。

这里默认情况,作为网关,是不是不应该对body内容进行解析,只做转发即可,用户需要解析form这类的情况,自己再另行处理。
这里更多考虑的是兼容性问题

举例:
目前MultipartForm格式标准如下:

POST /upload HTTP/1.1
Host: example.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="example.txt"
Content-Type: text/plain

This is an example file.

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="submit"

Upload File
------WebKitFormBoundary7MA4YWxkTrZu0gW--

但是假如我其中一个part缺少了Content-Disposition字段,那么就会导致解析出来的body缺失一段数据,从而导致转发到后端的请求body内容缺失
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@fibbery