-
Notifications
You must be signed in to change notification settings - Fork 24.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OkHttp is more strict than other http libraries. (#21231)
Summary: It crashes with IllegalStateException in case you pass a wrong URL. It crashes if it meets unexpected symbols in the header name and value, while standard says it is not recommended to use those symbols not that they are prohibited. The headers handing is a special use case as a client might have an auth token in the header. In this case, we want to get 401 error response from the server to find out that token is wrong. In case of the onerror client will continue to retry with an existing token. [ANDROID][Fixed] - Networking: Passing invalid URL not crashes the app instead onerror callback of HttpClient is called. Invalid symbols are stripped from the headers to allow HTTP query to fail with 401 error code in case of the broken token. Pull Request resolved: #21231 Reviewed By: axe-fb Differential Revision: D10222129 Pulled By: hramos fbshipit-source-id: b23340692d0fb059a90e338fa85ad4d9612275f2
- Loading branch information
1 parent
fe3aebf
commit aad4dbb
Showing
4 changed files
with
148 additions
and
4 deletions.
There are no files selected for viewing
47 changes: 47 additions & 0 deletions
47
ReactAndroid/src/main/java/com/facebook/react/modules/network/HeaderUtil.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/** | ||
* Copyright (c) Facebook, Inc. and its affiliates. | ||
* | ||
* This source code is licensed under the MIT license found in the | ||
* LICENSE file in the root directory of this source tree. | ||
*/ | ||
|
||
package com.facebook.react.modules.network; | ||
|
||
/** | ||
* | ||
* The class purpose is to weaken too strict OkHttp restriction on http headers. | ||
* See: https://github.com/square/okhttp/issues/2016 | ||
* Auth headers might have an Authentication information. It is better to get 401 from the | ||
* server in this case, rather than non descriptive error as 401 could be handled to invalidate | ||
* the wrong token in the client code. | ||
*/ | ||
public class HeaderUtil { | ||
|
||
public static String stripHeaderName(String name) { | ||
StringBuilder builder = new StringBuilder(name.length()); | ||
boolean modified = false; | ||
for (int i = 0, length = name.length(); i < length; i++) { | ||
char c = name.charAt(i); | ||
if (c > '\u0020' && c < '\u007f') { | ||
builder.append(c); | ||
} else { | ||
modified = true; | ||
} | ||
} | ||
return modified ? builder.toString() : name; | ||
} | ||
|
||
public static String stripHeaderValue(String value) { | ||
StringBuilder builder = new StringBuilder(value.length()); | ||
boolean modified = false; | ||
for (int i = 0, length = value.length(); i < length; i++) { | ||
char c = value.charAt(i); | ||
if ((c > '\u001f' && c < '\u007f') || c == '\t' ) { | ||
builder.append(c); | ||
} else { | ||
modified = true; | ||
} | ||
} | ||
return modified ? builder.toString() : value; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
76 changes: 76 additions & 0 deletions
76
ReactAndroid/src/test/java/com/facebook/react/modules/network/HeaderUtilTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
/** | ||
* Copyright (c) Facebook, Inc. and its affiliates. | ||
* | ||
* This source code is licensed under the MIT license found in the | ||
* LICENSE file in the root directory of this source tree. | ||
*/ | ||
|
||
package com.facebook.react.modules.network; | ||
|
||
import org.junit.Test; | ||
|
||
import static org.junit.Assert.assertEquals; | ||
|
||
public class HeaderUtilTest { | ||
public static final String TABULATION_TEST = "\teyJhbGciOiJS\t"; | ||
public static final String TABULATION_STRIP_EXPECTED = "eyJhbGciOiJS"; | ||
public static final String NUMBERS_TEST = "0123456789"; | ||
public static final String SPECIALS_TEST = "!@#$%^&*()-=_+{}[]\\|;:'\",.<>/?"; | ||
public static final String ALPHABET_TEST = "abcdefghijklmnopqrstuvwxyzABCDEFGHIGKLMNOPQRSTUVWHYZ"; | ||
public static final String VALUE_BANNED_SYMBOLS_TEST = "���name�����������\u007f\u001f"; | ||
public static final String NAME_BANNED_SYMBOLS_TEST = "���name�����������\u007f\u0020\u001f"; | ||
public static final String BANNED_TEST_EXPECTED = "name"; | ||
|
||
@Test | ||
public void nameStripKeepsLetters() { | ||
assertEquals(ALPHABET_TEST, HeaderUtil.stripHeaderName(ALPHABET_TEST)); | ||
|
||
} | ||
|
||
@Test | ||
public void valueStripKeepsLetters() { | ||
assertEquals(ALPHABET_TEST, HeaderUtil.stripHeaderValue(ALPHABET_TEST)); | ||
} | ||
|
||
@Test | ||
public void nameStripKeepsNumbers() { | ||
assertEquals(NUMBERS_TEST, HeaderUtil.stripHeaderName(NUMBERS_TEST)); | ||
|
||
} | ||
|
||
@Test | ||
public void valueStripKeepsNumbers() { | ||
assertEquals(NUMBERS_TEST, HeaderUtil.stripHeaderValue(NUMBERS_TEST)); | ||
} | ||
|
||
@Test | ||
public void valueStripKeepsSpecials() { | ||
assertEquals(SPECIALS_TEST, HeaderUtil.stripHeaderValue(SPECIALS_TEST)); | ||
} | ||
|
||
@Test | ||
public void nameStripKeepsSpecials() { | ||
assertEquals(SPECIALS_TEST, HeaderUtil.stripHeaderName(SPECIALS_TEST)); | ||
} | ||
|
||
@Test | ||
public void valueStripKeepsTabs() { | ||
assertEquals(TABULATION_TEST, HeaderUtil.stripHeaderValue(TABULATION_TEST)); | ||
} | ||
|
||
@Test | ||
public void nameStripDeletesTabs() { | ||
assertEquals(TABULATION_STRIP_EXPECTED, HeaderUtil.stripHeaderName(TABULATION_TEST)); | ||
} | ||
|
||
@Test | ||
public void valueStripRemovesExtraSymbols() { | ||
assertEquals(BANNED_TEST_EXPECTED, HeaderUtil.stripHeaderValue(VALUE_BANNED_SYMBOLS_TEST)); | ||
} | ||
|
||
@Test | ||
public void nameStripRemovesExtraSymbols() { | ||
assertEquals(BANNED_TEST_EXPECTED, HeaderUtil.stripHeaderName(NAME_BANNED_SYMBOLS_TEST)); | ||
} | ||
|
||
} |