Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
This module provides a middleware to validate response headers. RFC 9110 constrains the allowed octets in header names and values:
- Header names are tokens, i.e. visible ASCII characters (octets 33 to 126 inclusive) except delimiters.
- Header values should be limited to visible ASCII characters, the whitespace characters space and horizontal tab, and octets 128 to 255. Header values may not have trailing whitespace (see RFC 9110 Section 5.5). Folding is not allowed.
validateHeadersMiddleware enforces these constraints for response headers by responding with a 500 Internal Server Error when an offending character is present. This is meant to catch programmer errors early on and reduce attack surface.
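The octet rules listed above, restated as a stand-alone checker. This is an added example, not wai-extra's own code: the `Reason` type, the function names, the order in which the checks run and the sample headers are assumptions made for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: re-states the rules from this page; not the library's implementation.
module Main (main) where

import Data.ByteString (ByteString)
import qualified Data.ByteString as B
import Data.Word (Word8)

-- Hypothetical local mirror of the reasons documented on this page.
data Reason
  = BadNameOctet Word8   -- name octet outside the token set
  | BadValueOctet Word8  -- value octet that is not visible ASCII, SP, HTAB or 128-255
  | TrailingWhitespace   -- value ends in SP or HTAB
  deriving (Eq, Show)

-- RFC 9110 delimiters, which are excluded from tokens.
isDelimiter :: Word8 -> Bool
isDelimiter w = w `B.elem` "\"(),/:;<=>?@[\\]{}"

-- Header names: visible ASCII (33 to 126) except delimiters.
isNameOctet :: Word8 -> Bool
isNameOctet w = w >= 33 && w <= 126 && not (isDelimiter w)

-- Header values: HTAB (9), SP (32), visible ASCII, or octets 128 to 255.
-- CR (13) and LF (10) fall outside this set, so folded values are rejected.
isValueOctet :: Word8 -> Bool
isValueOctet w = w == 9 || w == 32 || (w >= 33 && w <= 126) || w >= 128

-- Returns the first problem found, or Nothing when the header is acceptable.
checkHeader :: (ByteString, ByteString) -> Maybe Reason
checkHeader (name, value)
  | Just w <- B.find (not . isNameOctet) name = Just (BadNameOctet w)
  | Just w <- B.find (not . isValueOctet) value = Just (BadValueOctet w)
  | Just (_, w) <- B.unsnoc value, w == 9 || w == 32 = Just TrailingWhitespace
  | otherwise = Nothing

main :: IO ()
main = mapM_ (\h -> putStrLn (show h ++ " -> " ++ show (checkHeader h))) samples
  where
    samples :: [(ByteString, ByteString)]
    samples =  -- constructed inputs
      [ ("Content-Type", "text/plain")            -- valid
      , ("X-Bad Name", "x")                       -- space in the name
      , ("Location", "/next\r\nSet-Cookie: a=b")  -- CR/LF in the value
      , ("X-Note", "trailing ")                   -- trailing whitespace
      ]
```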
Middleware
validateHeadersMiddleware :: ValidateHeadersSettings -> Middleware Source #
Middleware to validate response headers.
Since: 3.1.15
Settings
data ValidateHeadersSettings Source #
Configuration for validateHeadersMiddleware.
Since: 3.1.15
ValidateHeadersSettings | |
|
defaultValidateHeadersSettings :: ValidateHeadersSettings Source #
Default configuration for validateHeadersMiddleware.
Checks that each header meets the requirements listed at the top of this module: allowed octets for name and value, and no trailing whitespace in the value.
Since: 3.1.15
Types
data InvalidHeader Source #
Description of an invalid header.
Since: 3.1.15
data InvalidHeaderReason Source #
Reasons a header might be invalid.
Since: 3.1.15
InvalidOctetInHeaderName Word8 | Header name contains an invalid octet. |
InvalidOctetInHeaderValue Word8 | Header value contains an invalid octet. |
TrailingWhitespaceInHeaderValue | Header value contains trailing whitespace. |