Invalid HttpRequest kills HttpServer

[DartBot]

This issue was originally filed by demis.bellot...@gmail.com

---

I was doing 'telnet localhost 8000' and the Dart HttpServer crashes on some simple mal-formed HTTP:

GET /

and got:

Unhandled exception:
HttpParserException: Invalid request URI
 0. Function: '_HttpServer@19ffb8b9.function' url: 'dart:io' line:510 col:388
 1. Function: '_HttpConnection@19ffb8b9._onConnectionClosed@19ffb8b9' url: 'dart:io' line:497 col:133
 2. Function: '_HttpConnectionBase@19ffb8b9._onError@19ffb8b9' url: 'dart:io' line:487 col:237
 3. Function: '_HttpConnection@19ffb8b9.function' url: 'dart:io' line:497 col:1
 4. Function: '_HttpParser@19ffb8b9.writeList' url: 'dart:io' line:673 col:22
 5. Function: '_HttpConnectionBase@19ffb8b9._onData@19ffb8b9' url: 'dart:io' line:486 col:71
 6. Function: '_SocketBase@19ffb8b9._multiplex@19ffb8b9' url: 'dart:io' line:926 col:1
 7. Function: '_SocketBase@19ffb8b9.function' url: 'dart:io' line:942 col:142
 8. Function: '_ReceivePortImpl@38422f21._handleMessage@38422f21' url: 'dart:isolate' line:19 col:46

GET / h

listening on 8000...
Unhandled exception:
HttpParserException: Failed to parse HTTP
 0. Function: '_HttpServer@19ffb8b9.function' url: 'dart:io' line:510 col:388
 1. Function: '_HttpConnection@19ffb8b9._onConnectionClosed@19ffb8b9' url: 'dart:io' line:497 col:133
 2. Function: '_HttpConnectionBase@19ffb8b9._onError@19ffb8b9' url: 'dart:io' line:487 col:237
 3. Function: '_HttpConnection@19ffb8b9.function' url: 'dart:io' line:497 col:1
 4. Function: '_HttpParser@19ffb8b9.writeList' url: 'dart:io' line:673 col:22
 5. Function: '_HttpConnectionBase@19ffb8b9._onData@19ffb8b9' url: 'dart:io' line:486 col:71
 6. Function: '_SocketBase@19ffb8b9._multiplex@19ffb8b9' url: 'dart:io' line:926 col:1
 7. Function: '_SocketBase@19ffb8b9.function' url: 'dart:io' line:942 col:142
 8. Function: '_ReceivePortImpl@38422f21._handleMessage@38422f21' url: 'dart:isolate' line:19 col:46

The Http Server should be resilient enough not to crash when it receives invalid HTTP.
If throwing these exceptions is expected behaviour how do we catch it and prevent it from taking the server down?

[DartBot]

This comment was originally written by demis.bello...@gmail.com

---

Also Dart can't handle reverse proxy requests from nginx (a very popular story we should be supporting), this is the StackTrace I get:

Unhandled exception:
HttpException: Content length required for HTTP 1.0
 0. Function: '_HttpResponse@19ffb8b9._writeHeader@19ffb8b9' url: 'dart:io' line:464 col:34
 1. Function: '_HttpRequestResponseBase@19ffb8b9._ensureHeadersSent@19ffb8b9' url: 'dart:io' line:417 col:37
 2. Function: '_HttpResponse@19ffb8b9._responseEnd@19ffb8b9' url: 'dart:io' line:445 col:68
 3. Function: '_HttpResponse@19ffb8b9._streamClose@19ffb8b9' url: 'dart:io' line:449 col:19
 4. Function: '_HttpOutputStream@19ffb8b9.close' url: 'dart:io' line:476 col:60
 5. Function: '_HttpContext@703cfe7.send' url: 'file:///home/mythz/src/DartRedisTodos/vendor/Express/Express.dart' line:278 col:27
 6. Function: '_HttpContext@703cfe7.notFound' url: 'file:///home/mythz/src/DartRedisTodos/vendor/Express/Express.dart' line:300 col:11
 7. Function: 'StaticFileHandler.function' url: 'file:///home/mythz/src/DartRedisTodos/vendor/Express/Express.dart' line:385 col:21
 8. Function: 'FutureImpl._complete@367218ca' url: 'bootstrap_impl' line:557 col:40
 9. Function: 'FutureImpl._setValue@367218ca' url: 'bootstrap_impl' line:561 col:1
 10. Function: 'CompleterImpl.complete' url: 'bootstrap_impl' line:573 col:62
 11. Function: 'FutureImpl.function' url: 'bootstrap_impl' line:565 col:39
 12. Function: 'FutureImpl._complete@367218ca' url: 'bootstrap_impl' line:557 col:40
 13. Function: 'FutureImpl._setValue@367218ca' url: 'bootstrap_impl' line:561 col:1
 14. Function: 'CompleterImpl.complete' url: 'bootstrap_impl' line:573 col:62
 15. Function: '_SendPortImpl@38422f21.function' url: 'dart:isolate' line:22 col:356
 16. Function: '_ReceivePortImpl@38422f21._handleMessage@38422f21' url: 'dart:isolate' line:19 col:46

[kasperl]

Added Area-IO, Triaged labels.

[madsager]

Maybe instead of throwing exceptions we should propagate the exception object to the HttpServer onError handler. Then the HttpServer user is in control and can ignore the error, log it, or shut down the server as he sees fit. I agree that the server should not stop because someone fires an invalid request at it.

What do you think Søren?

---

Set owner to @sgjesse.

[sgjesse]

We need a simple way of handling errors during request processing that goes for both exceptions during the HTTP parsing and exceptions while actually running the request handler.

I think there should be some default handling that will return a response with status code 400 (Bad Request) if HTTP parsing fails and status code 500 (Internal Server Error) if an exception is thrown in the request handler. In both these cases the underlying socket connection should be closed after the response has been sent.

---

Added Started label.

[sgjesse]

Regarding comment #­1:

The reason for this failure is that the nginx reverse proxy talks HTTP 1.0 with the Dart server. For HTTP 1.0 the content length header needs to be set before sending any content. At the moment an exception is thrown if content length is not set before sending data for HTTP 1.0. With the following nginx configuration:

        location /dart {
                proxy_pass http://127.0.0.1:1234/;
                proxy_set_header Host $host;
        }

And this Dart code

void main() {
  HttpServer server = new HttpServer();
  server.defaultRequestHandler = (req, resp) {
    print(req.headers);
    req.inputStream.onData = () {
      print(new String.fromCharCodes(req.inputStream.read()));
    };
    req.inputStream.onClosed = () {
      resp.contentLength = 3;
      resp.outputStream.writeString("XXX");
      resp.outputStream.close();
    };
  };
  server.listen('0.0.0.0', 1234);
}

the nginx reverse proxy configuration works when navigating to http://localhost/dart/xxx.

Nginx have the configuration proxy_http_version which can be set to 1.1 which might also help. However it requires nginx 1.1.4, which I don't have at hand.

We could consider to buffer all output for HTTP 1.0 if the content length is not set and send it all with content length when available.

[DartBot]

This comment was originally written by demis.b...@gmail.com

---

I have nginx 1.1.9 and can confirm that this works:

location / {
   ...
   proxy_http_version 1.1;
}

Nginx + Dart at: http://dart-todos.ubixar.com :)

[sgjesse]

The main reason for the Dart HttpServer throwing an uncaught exception and terminating in these error cases is that there is no error handler set on the HttpServer instance. Adding that

  HttpServer server;
  ...
  server.onError = (e) => print(e);

should print the error and keep the server running. It will not return an error response to the client just close the underlying socket connection.

[madsager]

Added this to the M1 milestone.

[DartBot]

This comment was originally written by zhyg...@gmail.com

---

Regarding comment #­7:

Setting the "proxy_http_version 1.1;" does not work for me.

dart code:

var server = new HttpServer();
server.defaultRequestHandler = defaultHandler(HttpRequest req, HttpResponse res) {
print("start processing request");
res.outputStream..writeString("<html><head><title>The title</title></head><body><div>The body message</div></body></html>")
                    ..close();
    print("stop processing request");
};
  server.listen("127.0.0.1", 8080);
  server.onError = handleHttpError(Exception ex) {
    print(ex.toString());
  };

nginx configuration:
location /about {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
}

1 in 10 page reloads it works but in most cases the nginx returns the 502 http exception.

tested both on windows7-64 and ubunty

[madsager]

The original bug report here was that the HttpServer would die with an unhandled exception on invalid requests if no error handler was registered. This is working as designed. You should always register an error handler on your HttpServer.

Please file new bugs for other issues so we can track them properly. Thanks.

---

Added AsDesigned label.

[kevmoo]

Removed Area-IO label.
Added Area-Library, Library-IO labels.