diff --git a/actix-web/CHANGES.md b/actix-web/CHANGES.md
index 9d09bacbe..0215d8e87 100644
--- a/actix-web/CHANGES.md
+++ b/actix-web/CHANGES.md
@@ -7,6 +7,7 @@
 - Add `HttpServer::shutdown_signal()` method.
 - Mark `HttpServer` as `#[must_use]`.
 - Allow SVG images to be compressed by the `Compress` middleware.
+- Ignore `Host` header in `Host` guard when connection protocol is HTTP/2.
 - Re-export `mime` dependency.
 - Update `brotli` dependency to `8`.
diff --git a/actix-web/Cargo.toml b/actix-web/Cargo.toml
index afa4eadbc..f64196c77 100644
--- a/actix-web/Cargo.toml
+++ b/actix-web/Cargo.toml
@@ -166,7 +166,7 @@ smallvec = "1.6.1"
 tracing = "0.1.30"
 socket2 = "0.5"
 time = { version = "0.3", default-features = false, features = ["formatting"] }
-url = "2.1"
+url = "2.5.4"
 [dev-dependencies]
 actix-files = "0.6"
diff --git a/actix-web/src/guard/host.rs b/actix-web/src/guard/host.rs
index a971a3e30..835662346 100644
--- a/actix-web/src/guard/host.rs
+++ b/actix-web/src/guard/host.rs
@@ -1,4 +1,4 @@
-use actix_http::{header, uri::Uri, RequestHead};
+use actix_http::{header, uri::Uri, RequestHead, Version};
 use super::{Guard, GuardContext};
@@ -66,6 +66,7 @@ fn get_host_uri(req: &RequestHead) -> Option {
 req.headers
 .get(header::HOST)
 .and_then(|host_value| host_value.to_str().ok())
+ .filter(|_| req.version < Version::HTTP_2)
 .or_else(|| req.uri.host())
 .and_then(|host| host.parse().ok())
 }
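Review bot: The new `.filter(|_| req.version < Version::HTTP_2)` line in `get_host_uri` carries no comment, and both its reason and its fallback matter to anyone using `Host` guards as a virtual-host boundary. I would add above it `// HTTP/2+ conveys the authority in the request target; ignore a client-sent Host header so it cannot select a different guard (RFC 9113 §8.3.1).` The ordering comparison also covers every version above HTTP/2, and when such a request has no host in `req.uri` the chain now yields `None`; how the guard treats `None` is not visible in this hunk, so that outcome deserves a sentence in the function's doc comment. The function's signature appears only in the hunk header, so any existing doc comment is outside this view.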
@@ -123,6 +124,38 @@ mod tests {
 use super::*;
 use crate::test::TestRequest;
+ #[test]
+ fn host_not_from_header_if_http2() {
+ let req = TestRequest::default()
+ .uri("www.rust-lang.org")
+ .insert_header((
+ header::HOST,
+ header::HeaderValue::from_static("www.example.com"),
+ ))
+ .to_srv_request();
+
+ let host = Host("www.example.com");
+ assert!(host.check(&req.guard_ctx()));
+
+ let host = Host("www.rust-lang.org");
+ assert!(!host.check(&req.guard_ctx()));
+
+ let req = TestRequest::default()
+ .version(actix_http::Version::HTTP_2)
+ .uri("www.rust-lang.org")
+ .insert_header((
+ header::HOST,
+ header::HeaderValue::from_static("www.example.com"),
+ ))
+ .to_srv_request();
+
+ let host = Host("www.example.com");
+ assert!(!host.check(&req.guard_ctx()));
+
+ let host = Host("www.rust-lang.org");
+ assert!(host.check(&req.guard_ctx()));
+ }
+
 #[test]
 fn host_from_header() {
 let req = TestRequest::default()
diff --git a/justfile b/justfile
index a9df2d633..065640827 100644
--- a/justfile
+++ b/justfile
@@ -41,17 +41,18 @@ check-min:
 check-default:
 cargo hack --workspace check
-# Run Clippy over workspace.
+# Check workspace.
 check: && clippy
+ fd --hidden --type=file --extension=md --extension=yml --exec-batch npx -y prettier --check
 # Run Clippy over workspace.
 clippy:
 cargo {{ toolchain }} clippy --workspace --all-targets {{ all_crate_features }}
-# Test workspace using MSRV.
-test-msrv:
+# Run Clippy over workspace using MSRV.
+clippy-msrv:
 @just toolchain={{ msrv_rustup }} downgrade-for-msrv
- @just toolchain={{ msrv_rustup }} test
+ @just toolchain={{ msrv_rustup }} clippy
 # Test workspace code.
 test:
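Review bot: `host_not_from_header_if_http2` only exercises requests whose URI carries a host, so the case this change makes newly reachable, an HTTP/2 request with a `Host` header and no host in the URI, is left untested. A third request built with `.uri("/")` would pin that outcome; the assertion below assumes the guard rejects a request whose host cannot be determined, which should be confirmed against `check`, whose body is outside this hunk. As a smaller point, the file now imports `Version`, so `.version(Version::HTTP_2)` would read more consistently than the full `actix_http::Version::HTTP_2` path, presumably resolving through `use super::*` the same way `header` does. The `mod tests` block starts and ends outside the hunk.

```rust
// … unchanged: HTTP/1.1 and HTTP/2 cases whose URI carries a host …

// HTTP/2 request with no host in the URI: the Host header must still not
// be able to satisfy the guard.
let req = TestRequest::default()
    .version(Version::HTTP_2)
    .uri("/")
    .insert_header((
        header::HOST,
        header::HeaderValue::from_static("www.example.com"),
    ))
    .to_srv_request();

let host = Host("www.example.com");
assert!(!host.check(&req.guard_ctx()));
```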
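Review bot: The line added to the `check` recipe runs `npx -y prettier --check` with no version, so each run downloads and executes whatever `prettier` release the registry currently serves, and `-y` suppresses the install prompt. On developer machines and in CI that is unpinned third-party code execution. Pinning the package, `npx -y prettier@<PINNED_VERSION> --check`, or resolving it from a committed lockfile keeps the check reproducible and narrows the supply-chain exposure. `<PINNED_VERSION>` is a placeholder; the page does not say which release the project uses.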
@@ -60,6 +61,11 @@ test:
 cargo {{ toolchain }} nextest run --no-tests=warn -p=actix-router --no-default-features
 cargo {{ toolchain }} nextest run --no-tests=warn --workspace --exclude=actix-web-codegen --exclude=actix-multipart-derive {{ all_crate_features }} --filter-expr="not test(test_reading_deflate_encoding_large_random_rustls)"
+# Test workspace using MSRV.
+test-msrv:
+ @just toolchain={{ msrv_rustup }} downgrade-for-msrv
+ @just toolchain={{ msrv_rustup }} test
+
 # Test workspace docs.
 test-docs: && doc
 cargo {{ toolchain }} test --doc --workspace {{ all_crate_features }} --no-fail-fast -- --nocapture