Handle requests using absolute-form request URIs.

An absolute-form request URI has a start line in form: "GET http://host/path HTTP/1.1".
RFC 7230 section 5.3.2 stipulates that servers should allow absolute-form request URIs.

This change will handles requests using absolute-form. The scheme and authority
section of the absolute URI are ignored, but will still appear in IHttpRequestFeature.RawTarget.

Resolves #666

Author: Nate McMaster

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/Frame.cs

@@ -28,6 +28,7 @@ public abstract partial class Frame : IFrameControl
         private const byte ByteCR = (byte)'\r';
         private const byte ByteLF = (byte)'\n';
         private const byte ByteColon = (byte)':';
+        private const byte ByteForwardSlash = (byte)'/';
         private const byte ByteSpace = (byte)' ';
         private const byte ByteTab = (byte)'\t';
         private const byte ByteQuestionMark = (byte)'?';
@@ -973,6 +974,8 @@ private void CreateResponseHeader(
 
         public RequestLineStatus TakeStartLine(SocketInput input)
         {
+            // expected start line format: https://tools.ietf.org/html/rfc7230#section-3.1.1
+
             const int MaxInvalidRequestLineChars = 32;
 
             var scan = input.ConsumingStart();
@@ -1011,6 +1014,7 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                 }
                 end.Take();
 
+                // begin consuming method
                 string method;
                 var begin = scan;
                 if (!begin.GetKnownMethod(out method))
@@ -1045,8 +1049,38 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                     scan.Skip(method.Length);
                 }
 
-                scan.Take();
+                scan.Take(); // consume space
+
+                // begin consuming request-target
                 begin = scan;
+
+                string requestUriScheme;
+                string requestAuthority = null;
+                if (scan.GetKnownUriScheme(out requestUriScheme))
+                {
+                    // Request URIs can be in absolute form
+                    // See https://tools.ietf.org/html/rfc7230#section-5.3.2
+                    // This will skip over scheme and authority for determinie path, but preserving the vlues for rawTarget.
+                    // We rely on the Host header and server configuration to determine the effective host, port, and scheme
+                    // for this request.
+                    scan.Skip(requestUriScheme.Length);
+                    begin = scan;
+
+                    // an absolute URI is not required to end in a slash but must not be empty
+                    // see https://tools.ietf.org/html/rfc3986#section-4.3
+
+                    var pathIndex = scan.Seek(ByteForwardSlash, ByteSpace, ref end);
+                    if (pathIndex == -1)
+                    {
+                        RejectRequest(RequestRejectionReason.InvalidRequestLine,
+                            Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
+                    }
+
+                    // TODO consider handling unicode host names
+                    requestAuthority = begin.GetAsciiString(ref scan);
+                    begin = scan;
+                }
+
                 var needDecode = false;
                 var chFound = scan.Seek(ByteSpace, ByteQuestionMark, BytePercentage, ref end);
                 if (chFound == -1)
@@ -1082,13 +1116,15 @@ public RequestLineStatus TakeStartLine(SocketInput input)
 
                 var queryEnd = scan;
 
-                if (pathBegin.Peek() == ByteSpace)
+                if (pathBegin.Peek() == ByteSpace && requestAuthority == null)
                 {
                     RejectRequest(RequestRejectionReason.InvalidRequestLine,
                         Log.IsEnabled(LogLevel.Information) ? start.GetAsciiStringEscaped(end, MaxInvalidRequestLineChars) : string.Empty);
                 }
 
-                scan.Take();
+                scan.Take(); // consume space
+
+                // begin consuming HTTP-version
                 begin = scan;
                 if (scan.Seek(ByteCR, ref end) == -1)
                 {
@@ -1123,11 +1159,11 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                 // Multibyte Internationalized Resource Identifiers (IRIs) are first converted to utf8;
                 // then encoded/escaped to ASCII  https://www.ietf.org/rfc/rfc3987.txt "Mapping of IRIs to URIs"
                 string requestUrlPath;
-                string rawTarget;
+                string rawUrlPath;
                 if (needDecode)
                 {
                     // Read raw target before mutating memory.
-                    rawTarget = pathBegin.GetAsciiString(ref queryEnd);
+                    rawUrlPath = pathBegin.GetAsciiString(ref queryEnd);
 
                     // URI was encoded, unescape and then parse as utf8
                     pathEnd = UrlPathDecoder.Unescape(pathBegin, pathEnd);
@@ -1142,31 +1178,33 @@ public RequestLineStatus TakeStartLine(SocketInput input)
                     {
                         // No need to allocate an extra string if the path didn't need
                         // decoding and there's no query string following it.
-                        rawTarget = requestUrlPath;
+                        rawUrlPath = requestUrlPath;
                     }
                     else
                     {
-                        rawTarget = pathBegin.GetAsciiString(ref queryEnd);
+                        rawUrlPath = pathBegin.GetAsciiString(ref queryEnd);
                     }
                 }
 
-                var normalizedTarget = PathNormalizer.RemoveDotSegments(requestUrlPath);
+                var normalizedUrlPath = requestUrlPath == null
+                    ? string.Empty
+                    : PathNormalizer.RemoveDotSegments(requestUrlPath);
 
                 consumed = scan;
                 Method = method;
                 QueryString = queryString;
-                RawTarget = rawTarget;
+                RawTarget = requestUriScheme + requestAuthority + rawUrlPath;
                 HttpVersion = httpVersion;
 
                 bool caseMatches;
-                if (RequestUrlStartsWithPathBase(normalizedTarget, out caseMatches))
+                if (RequestUrlStartsWithPathBase(normalizedUrlPath, out caseMatches))
                 {
-                    PathBase = caseMatches ? _pathBase : normalizedTarget.Substring(0, _pathBase.Length);
-                    Path = normalizedTarget.Substring(_pathBase.Length);
+                    PathBase = caseMatches ? _pathBase : normalizedUrlPath.Substring(0, _pathBase.Length);
+                    Path = normalizedUrlPath.Substring(_pathBase.Length);
                 }
-                else if (rawTarget[0] == '/') // check rawTarget since normalizedTarget can be "" or "/" after dot segment removal
+                else if (rawUrlPath?.Length > 0 && rawUrlPath[0] == '/') // check rawUrlPath since normalizedUrlPath can be "" or "/" after dot segment removal
                 {
-                    Path = normalizedTarget;
+                    Path = normalizedUrlPath;
                 }
                 else
                 {

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Infrastructure/MemoryPoolIteratorExtensions.cs

@@ -14,6 +14,9 @@ public static class MemoryPoolIteratorExtensions
         public const string Http10Version = "HTTP/1.0";
         public const string Http11Version = "HTTP/1.1";
 
+        public const string HttpScheme = "http://";
+        public const string HttpsScheme = "https://";
+
         // readonly primitive statics can be Jit'd to consts https://github.com/dotnet/coreclr/issues/1079
         private readonly static ulong _httpConnectMethodLong = GetAsciiStringAsLong("CONNECT ");
         private readonly static ulong _httpDeleteMethodLong = GetAsciiStringAsLong("DELETE \0");
@@ -28,6 +31,9 @@ public static class MemoryPoolIteratorExtensions
         private readonly static ulong _http10VersionLong = GetAsciiStringAsLong("HTTP/1.0");
         private readonly static ulong _http11VersionLong = GetAsciiStringAsLong("HTTP/1.1");
 
+        private readonly static ulong _httpSchemeLong = GetAsciiStringAsLong("http://\0");
+        private readonly static ulong _httpsSchemeLong = GetAsciiStringAsLong("https://");
+
         private readonly static ulong _mask8Chars = GetMaskAsLong(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff });
         private readonly static ulong _mask7Chars = GetMaskAsLong(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00 });
         private readonly static ulong _mask6Chars = GetMaskAsLong(new byte[] { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00 });
@@ -157,6 +163,42 @@ public static bool GetKnownMethod(this MemoryPoolIterator begin, out string know
             return false;
         }
 
+        /// <summary>
+        /// Checks 8 bytes from <paramref name="begin"/> that correspond to a known URI scheme.
+        /// </summary>
+        /// <remarks>
+        /// Currently recognizes these schemes:
+        /// - 'http://'
+        /// - 'https://'
+        /// </remarks>
+        /// <param name="begin">The iterator</param>
+        /// <param name="knownScheme">A reference to the known scheme, if the input matches any</param>
+        /// <returns></returns>
+        [MethodImpl(MethodImplOptions.AggressiveInlining)]
+        public static bool GetKnownUriScheme(this MemoryPoolIterator begin, out string knownScheme)
+        {
+            knownScheme = null;
+            ulong value;
+            if (!begin.TryPeekLong(out value))
+            {
+                return false;
+            }
+
+            if ((value & _mask7Chars) == _httpSchemeLong)
+            {
+                knownScheme = HttpScheme;
+                return true;
+            }
+
+            if (value == _httpsSchemeLong)
+            {
+                knownScheme = HttpsScheme;
+                return true;
+            }
+
+            return false;
+        }
+
         /// <summary>
         /// Checks 9 bytes from <paramref name="begin"/>  correspond to a known HTTP version.
         /// </summary>

test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/RequestTests.cs

@@ -453,6 +453,72 @@ public async Task RequestAbortedTokenFiredOnClientFIN()
             }
         }
 
+        [Theory]
+        [InlineData("http://localhost/abs/path", true, "/abs/path")]
+        [InlineData("https://localhost/abs/path", true, "/abs/path")] // handles mismatch scheme
+        [InlineData("https://localhost:22/abs/path", true, "/abs/path")] // handles mismatched ports
+        [InlineData("https://differenthost/abs/path", true, "/abs/path")] // handles mismatched hostname
+        [InlineData("http://localhost/", true, "/")]
+        [InlineData("https://localhost/", true, "/")]
+        [InlineData("http://localhost", true, "")]
+        [InlineData("http://", false, null)]
+        [InlineData("https://", false, null)]
+        public async Task CanHandleRequestsWithUrlInAbsoluteForm(string requestUrl, bool valid, string expectedPath)
+        {
+            var pathTcs = new TaskCompletionSource<PathString>();
+            var rawTargetTcs = new TaskCompletionSource<string>();
+            var hostTcs = new TaskCompletionSource<HostString>();
+
+            var builder = new WebHostBuilder()
+                .UseKestrel()
+                .UseUrls("http://127.0.0.1:0")
+                .Configure(app =>
+                {
+                    app.Run(async context =>
+                    {
+                        pathTcs.TrySetResult(context.Request.Path);
+                        hostTcs.TrySetResult(context.Request.Host);
+                        rawTargetTcs.TrySetResult(context.Features.Get<IHttpRequestFeature>().RawTarget);
+                        await context.Response.WriteAsync("Done");
+                    });
+                });
+
+            using (var host = builder.Build())
+            {
+                host.Start();
+
+                using (var socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp))
+                {
+                    socket.Connect(new IPEndPoint(IPAddress.Loopback, host.GetPort()));
+                    var raw = $"GET {requestUrl} HTTP/1.1\r\n" +
+                              "Content-Length: 0\r\n" +
+                              "Host: localhost\r\n" +
+                              "Connection: close\r\n" +
+                              "\r\n";
+
+                    socket.Send(Encoding.ASCII.GetBytes(raw));
+                    if (valid)
+                    {
+                        await Task.WhenAll(pathTcs.Task, rawTargetTcs.Task, hostTcs.Task).OrTimeout(TimeSpan.FromSeconds(30));
+                        Assert.Equal(new PathString(expectedPath), pathTcs.Task.Result);
+                        Assert.Equal(requestUrl, rawTargetTcs.Task.Result);
+                        Assert.Equal("localhost", hostTcs.Task.Result.ToString());
+                    }
+                    else
+                    {
+                        var response = new StringBuilder();
+                        var responseBytes = new byte[4096];
+                        var received = 0;
+                        while ((received = socket.Receive(responseBytes)) > 0)
+                        {
+                            response.Append(Encoding.ASCII.GetString(responseBytes, 0, received));
+                        }
+                        Assert.StartsWith("HTTP/1.1 400", response.ToString());
+                    }
+                }
+            }
+        }
+
         private async Task TestRemoteIPAddress(string registerAddress, string requestAddress, string expectAddress)
         {
             var builder = new WebHostBuilder()

test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/Utilities/TaskExtensions.cs

@@ -0,0 +1,22 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Runtime.CompilerServices;
+using System.Threading.Tasks;
+
+namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
+{
+    public static class TaskExtensions
+    {
+        public static async Task OrTimeout(this Task task, TimeSpan timeout, 
+            [CallerFilePath] string file = null, [CallerLineNumber] int line = 0)
+        {
+            var finished = await Task.WhenAny(task, Task.Delay(timeout));
+            if (!ReferenceEquals(finished, task))
+            {
+                throw new TimeoutException($"Task exceeded max running time of {timeout.TotalSeconds}s at {file}:{line}");
+            }
+        }
+    }
+}