Handle requests that use an absolute URI as the request path

[sajayantony]

Kestrel returns HTTP/1.1 500 Internal Server Error when the request has a complete request URI.
Sample app - HelloWorldMvc

Program.cs

using System;
using System.Net;
using System.Net.Sockets;
using System.Text;

namespace KestrelFullRequestUriIssue
{
    public class Program
    {
        public static void Main(string[] args)
        {
            var endpoint = new DnsEndPoint("localhost", 5000);
            Socket s = new Socket(SocketType.Stream, ProtocolType.Tcp);
            s.Connect(endpoint);
            var raw = "GET http://localhost:5000/ HTTP/1.1\r\n" +
                            "Host: localhost:5000\r\n" +
                            "Content-Length: 0\r\n" +
                            "Connection: close\r\n" +
                            "\r\n";

            var request = Encoding.ASCII.GetBytes(raw);
            Console.WriteLine(raw);
            s.Send(Encoding.ASCII.GetBytes(raw));
            byte[] buffer = new byte[1024];
            int count = 0;
            while ((count = s.Receive(buffer)) != 0)
                Console.WriteLine(Encoding.ASCII.GetChars(buffer, 0, count));
            s.Dispose();
        }
    }
}

project.json

{
  "version": "1.0.0-*",
  "description": "KestrelFullRequestUriIssue Console Application",
  "authors": [ "sajaya" ],
  "tags": [ "" ],
  "projectUrl": "",
  "licenseUrl": "",

  "compilationOptions": {
    "emitEntryPoint": true
  },

  "dependencies": {
  },

  "commands": {
    "KestrelFullRequestUriIssue": "KestrelFullRequestUriIssue"
  },

  "frameworks": {
    "dnx451": { },
    "dnxcore50": {
      "dependencies": {
        "Microsoft.CSharp": "4.0.1-beta-23516",
        "System.Collections": "4.0.11-beta-23516",
        "System.Console": "4.0.0-beta-23516",
        "System.Linq": "4.0.1-beta-23516",
        "System.Net.NetworkInformation": "4.0.0-beta-23019",
        "System.Net.Primitives": "4.0.11-beta-23516",
        "System.Private.Networking": "4.0.1-beta-23225",
        "System.Net.Sockets": "4.1.0-beta-23516",
        "System.Threading": "4.0.11-beta-23516"
      }
    }
  }
}

[halter73]

It looks like the first request is valid (https://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.2 outdated RFC, but I assume this hasn't changed), but Kestrel is putting the full URL (e.g. “http://localhost:5000/” instead of “/”) in IHttpRequestFeature.Path.

This causes the following exception to be thrown from PathString when some middleware (presumably Routing) tries to access HttpContext.Request.Path:

System.ArgumentException: The path in 'value' must start with '/'.
Parameter name: value
at Microsoft.AspNetCore.Http.PathString..ctor(String value)
at Microsoft.AspNetCore.Http.Internal.DefaultHttpRequest.get_Path()

The uncaught exception then results in a 500 response.

[Tratcher]

Yeah, that format is only used with proxies which is why nobody has run into it yet.
https://tools.ietf.org/html/rfc7230#section-5.3.2. Kestrel should still allow it and the other forms mentioned in 5.3, though I don't know if we'll be supporting Connect any time soon.

[cesarblum]

So for a request for a full URL we should check if it matches one of the addresses Kestrel is listening on, otherwise we should fail. Would a 400 be appropriate for this situation?

[Tratcher]

I don't think we're ready for that level of validation. We don't check the host header either. Just ignore the scheme and host.

[cesarblum]

We've decided this should be handled after RC2, since it's an edge case. We can more adequately handle this scenario, as well as #709, once we implement #594.