Skip to content

Forbid or replace empty targets in HTTP/1.1 requests#469

Merged
whatyouhide merged 4 commits intoelixir-mint:mainfrom
ruslandoga:forbid-empty-target
Aug 11, 2025
Merged

Forbid or replace empty targets in HTTP/1.1 requests#469
whatyouhide merged 4 commits intoelixir-mint:mainfrom
ruslandoga:forbid-empty-target

Conversation

@ruslandoga
Copy link
Contributor

@ruslandoga ruslandoga commented Aug 7, 2025
edited
Loading

👋

Right now Mint allows sending empty target in the request line for HTTP/1.1. I think it should either forbid such requests or replace them with /:

If the target URI's path component is
empty, the client MUST send "/" as the path within the origin-form of
request-target.

Current behaviour

Mint.HTTP1.request(conn, "POST", _path = "", headers, body)

this results in POST HTTP/1.1

475595741-7dd92fd2-9c97-424a-ad20-ece2c075e345

This PR

Forbidding seems easier since replacing "" with "/" might be surprising and not always correct, and there is already a :skip_target_validation option to disable "forbidding" if necessary.

@ruslandoga ruslandoga changed the title add failing test Forbid or replace empty targets in HTTP/1.1 requests Aug 7, 2025
@ruslandoga ruslandoga marked this pull request as ready for review August 7, 2025 17:11
@whatyouhide
Copy link
Contributor

whatyouhide commented Aug 7, 2025

@ruslandoga can we add a test that verifies the behavior of this with :skip_target_validation?

@whatyouhide whatyouhide merged commit 02abd6e into elixir-mint:main Aug 11, 2025
0 of 3 checks passed
@ruslandoga ruslandoga deleted the forbid-empty-target branch August 11, 2025 09:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@whatyouhide whatyouhide whatyouhide approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ruslandoga @whatyouhide