Handle requests using absolute-form request URIs.

An absolute-form request URI has a start line in form: "GET http://host/path HTTP/1.1".
RFC 7230 section 5.3.2 stipulates that servers should allow absolute-form request URIs.

This change will handles requests using absolute-form. The scheme and authority
section of the absolute URI are ignored, but will still appear in IHttpRequestFeature.RawTarget.

Resolves #666

Author: Nate McMaster

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/Frame.cs

@@ -29,11 +29,14 @@ public abstract partial class Frame : IFrameControl
         private const byte ByteCR = (byte)'\r';
         private const byte ByteLF = (byte)'\n';
         private const byte ByteColon = (byte)':';
+        private const byte ByteForwardSlash = (byte)'/';
         private const byte ByteSpace = (byte)' ';
         private const byte ByteTab = (byte)'\t';
         private const byte ByteQuestionMark = (byte)'?';
         private const byte BytePercentage = (byte)'%';
 
+        private const string EmptyPath = "/";
+
         private static readonly ArraySegment<byte> _endChunkedResponseBytes = CreateAsciiByteArraySegment("0\r\n\r\n");
         private static readonly ArraySegment<byte> _continueBytes = CreateAsciiByteArraySegment("HTTP/1.1 100 Continue\r\n\r\n");
 
@@ -976,7 +979,7 @@ private void CreateResponseHeader(
 
         public RequestLineStatus TakeStartLine(SocketInput input)
         {
-            const int MaxInvalidRequestLineChars = 32;
+            // expected start line format: https://tools.ietf.org/html/rfc7230#section-3.1.1
 
             var scan = input.ConsumingStart();
             var start = scan;
@@ -1014,22 +1017,21 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                 }
                 end.Take();
 
+                // begin consuming method
                 string method;
                 var begin = scan;
                 if (!begin.GetKnownMethod(out method))
                 {
                     if (scan.Seek(ByteSpace, ref end) == -1)
                     {
-                        RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                            Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                        RejectInvalidStartLine(start, end);
                     }
 
                     method = begin.GetAsciiString(ref scan);
 
                     if (method == null)
                     {
-                        RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                            Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                        RejectInvalidStartLine(start, end);
                     }
 
                     // Note: We're not in the fast path any more (GetKnownMethod should have handled any HTTP Method we're aware of)
@@ -1038,8 +1040,7 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                     {
                         if (!IsValidTokenChar(method[i]))
                         {
-                            RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                                Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                            RejectInvalidStartLine(start, end);
                         }
                     }
                 }
@@ -1048,55 +1049,78 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                     scan.Skip(method.Length);
                 }
 
+                // consume space
                 scan.Take();
+
+                // begin consuming request-target
                 begin = scan;
+
+                var targetBegin = scan;
+
+                if (targetBegin.Peek() != ByteForwardSlash)
+                {
+                    string requestUriScheme;
+                    if (scan.GetKnownHttpSchema(out requestUriScheme))
+                    {
+                        // Start-line can contain uri in absolute form. e.g. 'GET http://contoso.com/favicon.ico HTTP/1.1'
+                        // Clients should only send this to proxies, but the spec requires we handle it anyways.
+                        // cref https://tools.ietf.org/html/rfc7230#section-5.3
+                        scan.Skip(requestUriScheme.Length);
+
+                        if (scan.Seek(ByteForwardSlash, ByteSpace, ByteQuestionMark, ref end) == -1)
+                        {
+                            RejectInvalidStartLine(start, end);
+                        }
+
+                        begin = scan;
+                    }
+                }
+
                 var needDecode = false;
                 var chFound = scan.Seek(ByteSpace, ByteQuestionMark, BytePercentage, ref end);
                 if (chFound == -1)
                 {
-                    RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                        Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                    RejectInvalidStartLine(start, end);
                 }
                 else if (chFound == BytePercentage)
                 {
                     needDecode = true;
                     chFound = scan.Seek(ByteSpace, ByteQuestionMark, ref end);
                     if (chFound == -1)
                     {
-                        RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                            Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                        RejectInvalidStartLine(start, end);
                     }
                 }
 
                 var pathBegin = begin;
                 var pathEnd = scan;
 
-                var queryString = "";
+                var queryString = string.Empty;
                 if (chFound == ByteQuestionMark)
                 {
                     begin = scan;
                     if (scan.Seek(ByteSpace, ref end) == -1)
                     {
-                        RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                            Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                        RejectInvalidStartLine(start, end);
                     }
                     queryString = begin.GetAsciiString(ref scan);
                 }
 
                 var queryEnd = scan;
 
-                if (pathBegin.Peek() == ByteSpace)
+                if (pathBegin.Peek() == ByteSpace && targetBegin.Index == pathBegin.Index)
                 {
-                    RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                        Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                    RejectInvalidStartLine(start, end);
                 }
 
+                // consume space
                 scan.Take();
+
+                // begin consuming HTTP-version
                 begin = scan;
                 if (scan.Seek(ByteCR, ref end) == -1)
                 {
-                    RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                        Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                    RejectInvalidStartLine(start, end);
                 }
 
                 string httpVersion;
@@ -1106,20 +1130,19 @@ public RequestLineStatus TakeStartLine(SocketInput input)
 
                     if (httpVersion == string.Empty)
                     {
-                        RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                            Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                        RejectInvalidStartLine(start, end);
                     }
                     else
                     {
                         RejectRequest(RequestRejectionReason.UnrecognizedHTTPVersion, httpVersion);
                     }
                 }
 
-                scan.Take(); // consume CR
+                // consume CR
+                scan.Take();
                 if (scan.Take() != ByteLF)
                 {
-                    RejectRequest(RequestRejectionReason.InvalidRequestLine,
-                        Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                    RejectInvalidStartLine(start, end);
                 }
 
                 // URIs are always encoded/escaped to ASCII https://tools.ietf.org/html/rfc3986#page-11
@@ -1130,7 +1153,7 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                 if (needDecode)
                 {
                     // Read raw target before mutating memory.
-                    rawTarget = pathBegin.GetAsciiString(ref queryEnd);
+                    rawTarget = targetBegin.GetAsciiString(ref queryEnd);
 
                     // URI was encoded, unescape and then parse as utf8
                     pathEnd = UrlPathDecoder.Unescape(pathBegin, pathEnd);
@@ -1141,19 +1164,34 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                     // URI wasn't encoded, parse as ASCII
                     requestUrlPath = pathBegin.GetAsciiString(ref pathEnd);
 
-                    if (queryString.Length == 0)
+                    if (queryString.Length == 0 && targetBegin.Index == pathBegin.Index)
                     {
                         // No need to allocate an extra string if the path didn't need
-                        // decoding and there's no query string following it.
+                        // decoding and there's no query string following it, and the
+                        // request-target isn't absolute-form
                         rawTarget = requestUrlPath;
                     }
                     else
                     {
-                        rawTarget = pathBegin.GetAsciiString(ref queryEnd);
+                        rawTarget = targetBegin.GetAsciiString(ref queryEnd);
                     }
                 }
 
-                var normalizedTarget = PathNormalizer.RemoveDotSegments(requestUrlPath);
+                if (targetBegin.Index < pathBegin.Index)
+                {
+                    // validation of absolute-form URI may be slow, but clients
+                    // should not be sending this form anyways, so perf optimization 
+                    // not high priority
+                    Uri _;
+                    if (!Uri.TryCreate(rawTarget, UriKind.Absolute, out _))
+                    {
+                        RejectInvalidStartLine(start, end);
+                    }
+                }
+
+                var normalizedUrlPath = requestUrlPath == null
+                    ? EmptyPath
+                    : PathNormalizer.RemoveDotSegments(requestUrlPath);
 
                 consumed = scan;
                 Method = method;
@@ -1162,17 +1200,24 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                 HttpVersion = httpVersion;
 
                 bool caseMatches;
-                if (RequestUrlStartsWithPathBase(normalizedTarget, out caseMatches))
+                if (RequestUrlStartsWithPathBase(normalizedUrlPath, out caseMatches))
                 {
-                    PathBase = caseMatches ? _pathBase : normalizedTarget.Substring(0, _pathBase.Length);
-                    Path = normalizedTarget.Substring(_pathBase.Length);
+                    // request-target is in origin-form or absolute-form 
+                    // and path should be adjusted for matching the server base path
+                    PathBase = caseMatches ? _pathBase : normalizedUrlPath.Substring(0, _pathBase.Length);
+                    Path = normalizedUrlPath.Substring(_pathBase.Length);
                 }
-                else if (rawTarget[0] == '/') // check rawTarget since normalizedTarget can be "" or "/" after dot segment removal
+                else if ((requestUrlPath?.Length > 0 && requestUrlPath[0] == '/')
+                    || (rawTarget.Length > 0 && rawTarget[0] == '/')
+                    || ReferenceEquals(normalizedUrlPath, EmptyPath))
                 {
-                    Path = normalizedTarget;
+                    // request-target is in origin-form or absolute-form
+                    Path = normalizedUrlPath;
                 }
                 else
                 {
+                    // request-target is in asterisk-form and authority-form
+                    // also the catch-all for other malformed request-targets
                     Path = string.Empty;
                     PathBase = string.Empty;
                     QueryString = string.Empty;
@@ -1480,6 +1525,16 @@ private void ThrowResponseAbortedException()
                     _applicationException);
         }
 
+        private void RejectInvalidStartLine(MemoryPoolIterator start, MemoryPoolIterator end)
+        {
+            const int MaxInvalidRequestLineChars = 32;
+
+            RejectRequest(RequestRejectionReason.InvalidRequestLine,
+                Log.IsEnabled(LogLevel.Information)
+                    ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars)
+                    : string.Empty);
+        }
+
         public void RejectRequest(RequestRejectionReason reason)
         {
             RejectRequest(BadHttpRequestException.GetException(reason));

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Infrastructure/MemoryPoolIteratorExtensions.cs

@@ -14,6 +14,9 @@ public static class MemoryPoolIteratorExtensions
         public const string Http10Version = "HTTP/1.0";
         public const string Http11Version = "HTTP/1.1";
 
+        public const string HttpScheme = "http://";
+        public const string HttpsScheme = "https://";
+
         // readonly primitive statics can be Jit'd to consts https://github.com/dotnet/coreclr/issues/1079
         private readonly static ulong _httpConnectMethodLong = GetAsciiStringAsLong("CONNECT ");
         private readonly static ulong _httpDeleteMethodLong = GetAsciiStringAsLong("DELETE \0");
@@ -28,6 +31,9 @@ public static class MemoryPoolIteratorExtensions
         private readonly static ulong _http10VersionLong = GetAsciiStringAsLong("HTTP/1.0");
         private readonly static ulong _http11VersionLong = GetAsciiStringAsLong("HTTP/1.1");
 
+        private readonly static ulong _httpSchemeLong = GetAsciiStringAsLong("http://\0");
+        private readonly static ulong _httpsSchemeLong = GetAsciiStringAsLong("https://");
+
         private readonly static ulong _mask8Chars = GetMaskAsLong(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff });
         private readonly static ulong _mask7Chars = GetMaskAsLong(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00 });
         private readonly static ulong _mask6Chars = GetMaskAsLong(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 });
@@ -157,6 +163,37 @@ public static bool GetKnownMethod(this MemoryPoolIterator begin, out string know
             return false;
         }
 
+        /// <summary>
+        /// Checks 8 bytes from <paramref name="begin"/> that correspond to 'http://' or 'https://'
+        /// </summary>
+        /// <param name="begin">The iterator</param>
+        /// <param name="knownScheme">A reference to the known scheme, if the input matches any</param>
+        /// <returns>True when memory starts with known http or https schema</returns>
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public static bool GetKnownHttpSchema(this MemoryPoolIterator begin, out string knownScheme)
+        {
+            knownScheme = null;
+            ulong value;
+            if (!begin.TryPeekLong(out value))
+            {
+                return false;
+            }
+
+            if ((value & _mask7Chars) == _httpSchemeLong)
+            {
+                knownScheme = HttpScheme;
+                return true;
+            }
+
+            if (value == _httpsSchemeLong)
+            {
+                knownScheme = HttpsScheme;
+                return true;
+            }
+
+            return false;
+        }
+
         /// <summary>
         /// Checks 9 bytes from <paramref name="begin"/>  correspond to a known HTTP version.
         /// </summary>