Always overwrite Transport-Encoding and Content-Length

[dnadoba]

Motivation

We want to reuse request validation in the upcoming async/await implementation. During refactoring we noticed some inconsistency in the current implementation on how user defined Transport-Encoding and Content-Length headers are processed. We concluded that a user should not be allowed to set Transport-Encoding or Content-Length headers themselves. A user can only communicate its intend through the body property on a request. We infer the correct and most optimal Transport-Encoding or Content-Length header for them.

Changes

• Transport-Encoding and Content-Length or no longer validated and always removed or replaced
• rename validate to validateAndSetTransportFraming because it does not only validate but also mutate the HTTPHeaders to include the correct headers for the given request body.
• introduce a new enum RequestBodyLength which can be either .dynamic if we do not now the size of a request in advance or .fixed(length: Int) if the user has specified the length of the body.
• refactor implementation to no longer expect a HTTPClient.Request.Body? but rather a new type RequestBodyLength. This allows use to reuse the function for async/await because we will not use HTTPClient.Request.Body but rather a new type HTTPRequest.Body.
• no request body (where HTTPClient.Request.body is set to nil) and a request body with a length of 0 (e.g where body is .byteBuffer(ByteBuffer()) are now processed the same way.

Alternatives

We could also remove RequestBodyLength and just use and optional Int.

[fabianfett]

Super NIT: I think an if is easier to read here.

[fabianfett]

Just out of curiosity, why is this generic?

[dnadoba]

We call this function during validateAndFixTransportFraming with [Substring] but it is more convenience to use [String] in tests.

[fabianfett]

I think this should be private and all tests should go directly through validateAndFixTransportFraming.

[Lukasa]

+1 to @fabianfett's note.

[fabianfett]

why is this internal now?

[fabianfett]

I think we should make this explicit with a comment.

Even though a fixed length body is going to be sent, the user explicitly set an encoding. We should respect the users wish and use the specified headers.

[fabianfett]

There might be an interesting case here: What if the user handed us a fixed size body payload, but also set the Content-Length header to something different?

[dnadoba]

I once had validation in there but noticed that we actually have tests that check that we always overwrite the Content-Length header. I would also prefer to validate it but this might break user code. WDYT?

[dnadoba]

async-http-client/Tests/AsyncHTTPClientTests/RequestValidationTests.swift

Lines 43 to 49 in 62ad818

	func testContentLengthHeaderIsChangedIfBodyHasDifferentLength() {
	var headers = HTTPHeaders([("Content-Length", "0")])
	var metadata: RequestFramingMetadata?
	XCTAssertNoThrow(metadata = try headers.validateAndFixTransportFraming(method: .PUT, bodyLength: .fixed(length: 200)))
	XCTAssertEqual(headers.first(name: "Content-Length"), "200")
	XCTAssertEqual(metadata?.body, .fixedSize(200))
	}

[fabianfett]

We need @Lukasa's wisdom here.

[Lukasa]

We should absolutely always override it. The user is not entitled to set that header: it doesn't belong to them.

[fabianfett]

We also run in this case if the user has set a Content-Length header explicitly. I think in the dynamic case we should trust a user set content length header (though we should validate it is a positive int).

A case might be streaming a file somewhere.

[dnadoba]

I'm not really sure about this. A user can always specify the length of a stream upfront through our API and doesn't need to set the Content-Length header manually through the length parameter.

async-http-client/Sources/AsyncHTTPClient/HTTPHandler.swift

Lines 61 to 69 in 62ad818

	/// Create and stream body using `StreamWriter`.
	///
	/// - parameters:
	/// - length: Body size. Request validation will be failed with `HTTPClientErrors.contentLengthMissing` if nil,
	/// unless `Transfer-Encoding: chunked` header is set.
	/// - stream: Body chunk provider.
	public static func stream(length: Int? = nil, _ stream: @escaping (StreamWriter) -> EventLoopFuture<Void>) -> Body {
	return Body(length: length, stream: stream)
	}

This would give them a way to do the same thing in to different ways and they may conflict.
I would almost say that we should always ignore/remove "Content-Length" header.
The same is almost true for Transport-Encoding but I'm not fully understanding all use cases for this one.

[dnadoba]

If I read this code snipped correctly, Transport-Encoding can only be chunked because SwiftNIO always replace the Transport-Encoding with chunked or doesn't do chunked encoding if it is not the only encoding.
https://github.com/apple/swift-nio/blob/addf69cfe60376c325397c8926589415576b1dd1/Sources/NIOHTTP1/HTTPEncoder.swift#L104-L129

[fabianfett]

we should always ignore/remove "Content-Length" header

Nope, definitely not. I know at least the S3 apis, that require a Content-Length even for large uploads, if you deal with pre-signed links and friends.

[Lukasa]

Yeah, we don't support other transfer encodings in NIO and so we should probably stop doing so here. However, I don't know if making that change in this PR is worthwhile.

As to supporting Content-Length: yes, we should emit it, but we should do so when users tell us the size of their stream. We shouldn't tolerate them setting that header.

[fabianfett]

As to supporting Content-Length: yes, we should emit it, but we should do so when users tell us the size of their stream. We shouldn't tolerate them setting that header.

Okay, I'm happy with that!

In that case we need to fix the code comment though here:

async-http-client/Sources/AsyncHTTPClient/HTTPHandler.swift

Lines 61 to 69 in 62ad818

	/// Create and stream body using `StreamWriter`.
	///
	/// - parameters:
	/// - length: Body size. Request validation will be failed with `HTTPClientErrors.contentLengthMissing` if nil,
	/// unless `Transfer-Encoding: chunked` header is set.
	/// - stream: Body chunk provider.
	public static func stream(length: Int? = nil, _ stream: @escaping (StreamWriter) -> EventLoopFuture<Void>) -> Body {
	return Body(length: length, stream: stream)
	}

If no Content-Length header is set, we will just reach for chunked.

[Lukasa]

Nit: As a matter of style I think it's rarely useful to have : Equatable. Whenever you feel like writing that, you may as well also write : Hashable.

[dnadoba]

Is the binary size increase negligible for the additional synthesised conformance? AFAIK Swift doesn't remove unused synthesised conformances, even for internal types.

[Lukasa]

Yeah, this is not the most fruitful way of shrinking binary sizes.

[Lukasa]

Why are we getting the value if we don't need it?

[Lukasa]

We should absolutely always override it. The user is not entitled to set that header: it doesn't belong to them.

[Lukasa]

Nit:

Suggested change

	// "Transfer-Encoding" and "Content-Length" are not allowed to present at the same time (https://tools.ietf.org/html/rfc7230#section-3.3.1)
	// "Transfer-Encoding" and "Content-Length" are not allowed to be present at the same time (https://tools.ietf.org/html/rfc7230#section-3.3.1)

[Lukasa]

+1 to @fabianfett's note.

[Lukasa]

Yeah, we don't support other transfer encodings in NIO and so we should probably stop doing so here. However, I don't know if making that change in this PR is worthwhile.

As to supporting Content-Length: yes, we should emit it, but we should do so when users tell us the size of their stream. We shouldn't tolerate them setting that header.

[fabianfett]

Wow, this looks so much better already. Tiny nits.

[fabianfett]

We should add a message here like: "AsyncHTTPClient now silently corrects invalid headers."

[fabianfett]

See above

[fabianfett]

Since the errors are equatable would you mind checking, we get what we expect?

[fabianfett]

Huge improvement!