Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server does not check the HTTP method of the request #2766

Open
jhump opened this issue May 30, 2024 · 2 comments
Open

Server does not check the HTTP method of the request #2766

jhump opened this issue May 30, 2024 · 2 comments
Labels
package: @grpc/grpc-js

Comments

@jhump
Copy link
Member

jhump commented May 30, 2024

If the rest of the request looks like a gRPC request, the server will accept incorrect HTTP methods, such as “DELETE” or “PUT”. If the server generates an error status, it would be because some other issue was encountered in processing the request.

Ideally, the server would check some basics of the request before even attempting to process it as a gRPC request, the HTTP method and the content-type are the main attributes it should check to classify the request as gRPC or not.
@murgatroid99
Copy link
Member

The gRPC protocol spec specifies the error to send if the client sends the wrong content-type, and this server implementation does check the content-type and send that error if appropriate. The gRPC protocol spec does not specify what to do if the HTTP method is incorrect.

@jhump
Copy link
Member Author

jhump commented May 30, 2024

I agree that there are deficiencies in the spec around this: grpc/grpc#36767

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
package: @grpc/grpc-js
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@murgatroid99 @jhump