Currently, the header read timeout is started before any part of the first request is received. This allows closing the connection if no requests are received. However, after the first request, the connection can remain open indefinitely. This change ensures that the header read timeout is started immediately after the connection is idle, following the transmission of the response, before the first part of the subsequent request is received.
This change allows a potential future addition of an idle_timeout, which if set, would be used instead of the header_read_timeout. This behavior is matched in other servers, such as Golang.
Fixes#3780Closes#3781
This includes conditions where hyper knows the connection will end after the response, such as a request error that ruins the connection, or when graceful shutdown is triggered.
Closes#3720
If a chunked body had valid chunks, but ended without a `0` in the final
chunk (so, just `\r\n\r\n`), it would be parsed as a valid end. Now it
will be rejected as the final chunk MUST be `0\r\n\r\n`.
This was partially done before, but only if there were no chunks before
the final. This fixes both paths.
The `http1_header_read_timeout` used to start once there was a single
read of headers. This change makes it start the timer immediately, right
when the connection is estabilished.
This allows receiving HTTP/1 chunked trailers, both as a client
and as a server.
The number of trailer pairs is limited to 1024.
The size of the trailer fields is limited. The limit accounts for a
single, very large trailer field or many trailer fields that exceed the
limit in aggregate.
Closes#2703
hyper's `Error` used to print the error source automatically, preferring
to provide a better default for users who do not know about `Report`.
But, to fit better with the wider ecosystem, this changes the format to
only print the hyper `Error` itself, and not its source.
Closes#2844
BREAKING CHANGE: The format no longer prints the error chain. Be sure to
check if you are logging errors directly.
The `Error::message()` method is removed, it is no longer needed.
The `Error::into_cause()` method is removed.
This replaces the usage of `tokio::io::{AsyncRead, AsyncWrite}` in hyper's public API with new traits in the `hyper::rt` module.
Closes#3110
BREAKING CHANGE: Any IO transport type provided must not implement `hyper::rt::{Read, Write}` instead of
`tokio::io` traits. You can grab a helper type from `hyper-util` to wrap Tokio types, or implement the traits yourself,
if it's a custom type.
fix issue in the graceful shutdown logic
which causes the connection future to hang
when graceful shutdown is called prior to any
requests being made. This fix checks to see
if the connection is still in its initial state
when disable_keep_alive is called, and starts the
shutdown process if it is.
This addresses issue #2730
Co-authored-by: Robin Seitz <roseitz@microsoft.com>
change Service::call to take &self instead of &mut self.
Because of this change, the trait bound in the service::util::service_fn and
the trait bound in the impl for the ServiceFn struct were changed from FnMut to Fn.
This change was decided on for the following reasons:
- It prepares the way for async fn,
since then the future only borrows &self, and thus a Service can concurrently handle
multiple outstanding requests at once.
- It's clearer that Services can likely be cloned
- To share state across clones you generally need Arc<Mutex<_>>
that means you're not really using the &mut self and could do with a &self
Closes#3040
BREAKING CHANGE: The Service::call function no longer takes a mutable reference to self.
The FnMut trait bound on the service::util::service_fn function and the trait bound
on the impl for the ServiceFn struct were changed from FnMut to Fn.
This commit removes `common::Exec::Default` that just panics when used. We are
removing `tokio`, leaving `Exec::Default` with no implementation and
panics when `Exec::execute` is called.
Since `Exec::Default` has no purpose, it is being removed and user
should now provide an implementation of executor.
Closes#3128
BREAKING CHANGE: `hyper::client::conn::Http2::Builder::new` now requires an executor argument.
This is a continuation of work on #1675 issue. It slightly
reduces the number of duplicated code by using one common function for
init a logger and creating tcp listener for tests.
The `Body` trait was adjusted to be forwards compatible with adding new
frame types. That resulted in changing from `poll_data` and `poll_trailers`
to a single `poll_frame` function. More can be learned from the proposal
in https://github.com/hyperium/hyper/issues/2840.
Closes#3010
BREAKING CHANGE: The polling functions of the `Body` trait have been
redesigned.
The free functions `hyper::body::to_bytes` and `aggregate` have been
removed. Similar functionality is on
`http_body_util::BodyExt::collect`.
The connection types have been split into version-specific types, in the
`server::conn::{http1, http2}` modules.
Closes#3012
BREAKING CHANGE: Either choose a version-specific `Connection` type, or
look for the auto-version type in `hyper-util`.
- There is no longer a `runtime` feature to enable in the `Cargo.toml.`
- Forgetting to set an executor will now panic.
Closes#2857
BREAKING CHANGE: No longer need to enable a `runtime` feature. All connection builders should set an executor.
This removes the dependency on `tower-service`, and simplifies the `Service` trait to be used by hyper's server connections.
Closes#2853
BREAKING CHANGE: Change any manual `impl tower::Service` to implement `hyper::service::Service` instead. The `poll_ready` method has been removed.
This adds a `hyper::rt::Timer` trait, and it is used in connection
builders to configure a custom timer source for timeouts.
Co-authored-by: Robert Cunningham <robertvcunningham@gmail.com>
Now that the concrete `Body` type has been temporarily replaced with `Recv` in #2966,
we can rename and export `http_body::Body` as just `Body` instead of `HttpBody`.
Closes#2839
BREAKING CHANGE: The trait has been renamed.
The constructors of `hyper::Body` from a full bytes are removed. Along
with `Body::empty()`.
BREAKING CHANGE: Use the types from `http-body-util`.
Co-authored-by: Xuanwo <github@xuanwo.io>
This removes the `tcp` feature from hyper's `Cargo.toml`, and the code it enabled:
- `HttpConnector`
- `GaiResolver`
- `AddrStream`
And parts of `Client` and `Server` that used those types. Alternatives will be available in the `hyper-util` crate.
Closes#2856
Co-authored-by: MrGunflame <mrgunflame@protonmail.com>
Add a new extension type `hyper::ext::ReasonPhrase` gated by either the `ffi` or `http1` Cargo
features. When enabled, store any non-canonical reason phrases in this extension when parsing
responses, and write this reason phrase instead of the canonical reason phrase when emitting
responses.
Reason phrases are a disused corner of the spec that implementations ought to treat as opaque blobs
of bytes. Unfortunately, real-world traffic sometimes does depend on being able to inspect and
manipulate them.
Non-canonical reason phrases are checked for validity at runtime to prevent invalid and dangerous
characters from being emitted when writing responses. An `unsafe` escape hatch is present for hyper
itself to create reason phrases that have been parsed (and therefore implicitly validated) by
httparse.
An HTTP/2 stream may include a set of headers, and a flag signalling
END-STREAM, even if a `content-length` isn't included. hyper wouldn't
notice, and so the `Body` would report a size-hint of `0..MAX`. hyper
now notices that the stream is ended, and couldn't possibly include any
bytes for the body, and thus will give a size-hint of `0` exactly.
According to rfc2616#section-14.20 the header value is case-insensitive. Certain clients send the expectation as `100-Continue` and this should be handled by the server.
Closes#2708
Adds `Server::http1_header_read_timeout(Duration)`. Setting a duration will determine how long a client has to finish sending all the request headers before trigger a timeout test. This can help reduce resource usage when bad actors open connections without sending full requests.
Closes#2457
The HTTP/1 content-length parser would accept lengths that were prefixed
with a plus sign (for example, `+1234`). The specification restricts the
content-length header to only allow DIGITs, making such a content-length
illegal. Since some HTTP implementations protect against that, and
others mis-interpret the length when the plus sign is present, this
fixes hyper to always reject such content lengths.
See GHSA-f3pg-qwvg-p99c
The HTTP/1 chunked decoder, when decoding the size of a chunk, could
overflow the size if the hex digits were too large. This fixes it by
adding an overflow check in the decoder.
See GHSA-5h46-h7hh-c6x9
cc #2251
BREAKING CHANGE: This puts all HTTP/1 methods and support behind an
`http1` cargo feature, which will not be enabled by default. To use
HTTP/1, add `features = ["http1"]` to the hyper dependency in your
`Cargo.toml`.
