Stream: git-wasmtime

Topic: wasmtime / issue #7737 wasmtime-wasi-http includes absolu...


view this post on Zulip Wasmtime GitHub notifications bot (Jan 02 2024 at 17:08):

arlyon added the bug label to Issue #7737.

view this post on Zulip Wasmtime GitHub notifications bot (Jan 02 2024 at 17:08):

arlyon opened issue #7737:

Thanks for filing a bug report! Please fill out the TODOs below.

Note: if you want to report a security issue, please read our security policy!

Steps to Reproduce

The default outgoing handler inserts the URI as-is into the request in absolute form which should only be used for proxies. It seems we can fix this fairly easily by stripping out the other parts from the uri in here https://github.com/bytecodealliance/wasmtime/blob/main/crates/wasi-http/src/types.rs#L142

+    // remove the scheme and authority from the request
+    *request.uri_mut() = Uri::builder()
+        .path_and_query(
+            request
+                .uri()
+                .path_and_query()
+                .map(|p| p.as_str())
+                .unwrap_or("/"),
+        )
+        .build()
+        .expect("ok");

Otherwise, the absolute form uri will be used as-is, as described here https://github.com/hyperium/hyper/blob/master/src/client/conn/http1.rs#L175-L190.

Expected Results

I expect the http handler _not_ to serialize requests using the absolute uri, since the support for this format is spotty (and potentially goes against the RFC)

Actual Results

The absolute form of the uri ends up in the http packet.

Versions and Environment

Version: Git master + hyper 1.1.0
Operating system: N/A
Architecture: N/A

Extra Info

N/A

view this post on Zulip Wasmtime GitHub notifications bot (Jan 02 2024 at 17:08):

arlyon edited issue #7737:

Thanks for filing a bug report! Please fill out the TODOs below.

Note: if you want to report a security issue, please read our security policy!

Steps to Reproduce

The default outgoing handler inserts the URI as-is into the request in absolute form which should only be used for proxies. It seems we can fix this fairly easily by stripping out the other parts from the uri in here https://github.com/bytecodealliance/wasmtime/blob/main/crates/wasi-http/src/types.rs#L142

+    // remove the scheme and authority from the request
+    *request.uri_mut() = Uri::builder()
+        .path_and_query(
+            request
+                .uri()
+                .path_and_query()
+                .map(|p| p.as_str())
+                .unwrap_or("/"),
+        )
+        .build()
+        .expect("ok");

Otherwise, the absolute form uri will be used as-is, as described here https://github.com/hyperium/hyper/blob/master/src/client/conn/http1.rs#L175-L190.

Expected Results

I expect the http handler _not_ to serialize requests using the absolute uri, since the support for this format is spotty (and potentially goes against the RFC)

Actual Results

The absolute form of the uri ends up in the http packet.

Versions and Environment

Version: Git master + hyper 1.1.0
Operating system: N/A
Architecture: N/A

Extra Info

N/A

```[tasklist]

Tasks

~~~

view this post on Zulip Wasmtime GitHub notifications bot (Jan 02 2024 at 17:09):

arlyon edited issue #7737:

Thanks for filing a bug report! Please fill out the TODOs below.

Note: if you want to report a security issue, please read our security policy!

Steps to Reproduce

The default outgoing handler inserts the URI as-is into the request in absolute form which should only be used for proxies. It seems we can fix this fairly easily by stripping out the other parts from the uri in here https://github.com/bytecodealliance/wasmtime/blob/main/crates/wasi-http/src/types.rs#L142

+    // remove the scheme and authority from the request
+    *request.uri_mut() = Uri::builder()
+        .path_and_query(
+            request
+                .uri()
+                .path_and_query()
+                .map(|p| p.as_str())
+                .unwrap_or("/"),
+        )
+        .build()
+        .expect("ok");

Otherwise, the absolute form uri will be used as-is, as described here https://github.com/hyperium/hyper/blob/master/src/client/conn/http1.rs#L175-L190.

Expected Results

I expect the http handler _not_ to serialize requests using the absolute uri, since the support for this format is spotty (and potentially goes against the RFC)

Actual Results

The absolute form of the uri ends up in the http packet.

Versions and Environment

Version: Git master + hyper 1.1.0
Operating system: N/A
Architecture: N/A

Extra Info

N/A

view this post on Zulip Wasmtime GitHub notifications bot (Jan 04 2024 at 02:34):

pchickey commented on issue #7737:

Thanks - can you send a PR with the fix you outlined above?

view this post on Zulip Wasmtime GitHub notifications bot (Jan 04 2024 at 13:05):

arlyon commented on issue #7737:

PR here https://github.com/bytecodealliance/wasmtime/pull/7747 waiting on CI. I have an issue where it complains about missing witx running locally so if there are test failures I will update them

view this post on Zulip Wasmtime GitHub notifications bot (Jan 05 2024 at 17:14):

alexcrichton closed issue #7737:

Thanks for filing a bug report! Please fill out the TODOs below.

Note: if you want to report a security issue, please read our security policy!

Steps to Reproduce

The default outgoing handler inserts the URI as-is into the request in absolute form which should only be used for proxies. It seems we can fix this fairly easily by stripping out the other parts from the uri in here https://github.com/bytecodealliance/wasmtime/blob/main/crates/wasi-http/src/types.rs#L142

+    // remove the scheme and authority from the request
+    *request.uri_mut() = Uri::builder()
+        .path_and_query(
+            request
+                .uri()
+                .path_and_query()
+                .map(|p| p.as_str())
+                .unwrap_or("/"),
+        )
+        .build()
+        .expect("ok");

Otherwise, the absolute form uri will be used as-is, as described here https://github.com/hyperium/hyper/blob/master/src/client/conn/http1.rs#L175-L190.

Expected Results

I expect the http handler _not_ to serialize requests using the absolute uri, since the support for this format is spotty (and potentially goes against the RFC)

Actual Results

The absolute form of the uri ends up in the http packet.

Versions and Environment

Version: Git master + hyper 1.1.0
Operating system: N/A
Architecture: N/A

Extra Info

N/A


Last updated: Dec 23 2024 at 12:05 UTC