Skip to content
This repository has been archived by the owner on Mar 28, 2024. It is now read-only.

[BUG-10442] llGetHTTPHeader does not accept custom headers #770

Open
sl-service-account opened this issue Oct 9, 2015 · 0 comments
Open

[BUG-10442] llGetHTTPHeader does not accept custom headers #770

sl-service-account opened this issue Oct 9, 2015 · 0 comments
Labels
project:BUG

Comments

@sl-service-account
Copy link

Summary

llGetHTTPHeader does not permit or accept custom request headers such as "x-oauth-token" or "x-security-token".
This is either a undocumented security function(Improves security how?) or issue with the lsl http server.

This is BEFORE llHTTPResponse is called.

Steps to Reproduce

Example server:

default{
    state_entry(){
        llRequestURL();
    }
    http_request(key req, string method, string body){
        if(method==URL_REQUEST_GRANTED) llOwnerSay("My URL is: "+body);
        else if(method==URL_REQUEST_DENIED) llOwnerSay("Cannot register URL: "+body+"\nRemaining URLS: "+(string)llGetFreeURLs());
        else{
            llOwnerSay("HTTP "+method+" "+(string)req);
            llOwnerSay("x-example: "+llGetHTTPHeader(req,"x-example"));
            llOwnerSay(body); 
            llHTTPResponse(req, 200, "This is a response.");
        }
    }
}

Requester:

#!/usr/bin/env python3
import urllib.request

#Put the URL given by the script here
#Yeah I know I sh/could probably use argv, but for the sake of no bugs I'm not.
LSLServer = ""


req = urllib.request.Request(
    LSLServer+"/",
    b"Hello from python!",
    headers={"x-example": "This_is_a_header"}
)

try:
    res = urllib.request.urlopen(req)
    print(res.read())
    res.close()
except urllib.error.URLError as error:
    print(error)

Expected Behavior

[03:09] Object: HTTP POST 2160ef47-12a6-5358-0631-327163a2039b
[03:09] Object: x-example: This_is_a_header
[03:09] Object: Hello from python!

Actual Behavior

[03:09] Object: HTTP POST 2160ef47-12a6-5358-0631-327163a2039b
[03:09] Object: x-example:
[03:09] Object: Hello from python!

Other information

If this is intended, it should be documented as so on at:
http://wiki.secondlife.com/wiki/LlGetHTTPHeader
and http://wiki.secondlife.com/wiki/LSL_http_server
as the current statement is that all headers are accepted by the LSL server.

Original Jira Fields
Field Value
Issue BUG-10442
Summary llGetHTTPHeader does not accept custom headers
Type Bug
Priority Unset
Status Accepted
Resolution Accepted
Reporter Chaser Zaks (chaser.zaks)
Created at 2015-10-09T10:23:30Z
Updated at 2017-05-08T23:18:10Z 
{
  'Business Unit': ['Platform'],
  "Is there anything you'd like to add?": 'If this is intended, it should be documented as so on at:\r\nhttp://wiki.secondlife.com/wiki/LlGetHTTPHeader\r\nand http://wiki.secondlife.com/wiki/LSL_http_server\r\nas the current statement is that all headers are accepted by the LSL server.',
  'ReOpened Count': 0.0,
  'Severity': 'Unset',
  'System': 'SL Simulator',
  'Target Viewer Version': 'viewer-development',
  'What just happened?': 'llGetHTTPHeader does not permit or accept custom request headers such as "x-oauth-token" or "x-security-token".\r\nThis is either a undocumented security function(Improves security how?) or issue with the lsl http server.\r\n\r\nThis is [b]BEFORE[/b] llHTTPResponse is called.',
  'What were you doing when it happened?': 'Example server:\r\n[code]\r\ndefault{\r\n    state_entry(){\r\n        llRequestURL();\r\n    }\r\n    http_request(key req, string method, string body){\r\n        if(method==URL_REQUEST_GRANTED) llOwnerSay("My URL is: "+body);\r\n        else if(method==URL_REQUEST_DENIED) llOwnerSay("Cannot register URL: "+body+"\\nRemaining URLS: "+(string)llGetFreeURLs());\r\n        else{\r\n            llOwnerSay("HTTP "+method+" "+(string)req);\r\n            llOwnerSay("x-example: "+llGetHTTPHeader(req,"x-example"));\r\n            llOwnerSay(body); \r\n            llHTTPResponse(req, 200, "This is a response.");\r\n        }\r\n    }\r\n}\r\n[/code]\r\n\r\nRequester:\r\n[code]\r\n#!/usr/bin/env python3\r\nimport urllib.request\r\n\r\n#Put the URL given by the script here\r\n#Yeah I know I sh/could probably use argv, but for the sake of no bugs I\'m not.\r\nLSLServer = ""\r\n\r\n\r\nreq = urllib.request.Request(\r\n    LSLServer+"/",b"Hello from python!",\r\n    headers={"x-example": "This_is_a_header"}\r\n)\r\n\r\ntry:\r\n    res = urllib.request.urlopen(req)\r\n    print(res.read())\r\n    res.close()\r\nexcept urllib.error.URLError as error:\r\n    print(error)\r\n[/code]',
  'What were you expecting to happen instead?': 'According to the specifications, this SHOULD happen:\r\n[03:09] Object: HTTP POST 2160ef47-12a6-5358-0631-327163a2039b\r\n[03:09] Object: x-example: This_is_a_header\r\n[03:09] Object: Hello from python!\r\n\r\nThe actual result is:\r\n[03:09] Object: HTTP POST 2160ef47-12a6-5358-0631-327163a2039b\r\n[03:09] Object: x-example: \r\n[03:09] Object: Hello from python!',
  'Where': 'http://maps.secondlife.com/secondlife/Quiddity/128/128/23',
}
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
project:BUG
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sl-service-account