Response must use 4xx status code when sent because of decoding error (…

…#12) Motivation: A 4xx status code must be used when sending a response caused because of an decoding error: https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-10.html#section-5.2 Modifications: Use a 4xx status code when exception is caused because of decoding Result: Follow the spec
netty · Dec 14, 2023 · 8a043e9 · 8a043e9
1 parent fd8c1c8
commit 8a043e9
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpServerCodec.java b/codec-ohttp/src/main/java/io/netty/incubator/codec/ohttp/OHttpServerCodec.java
@@ -157,16 +157,21 @@ protected final void decode(ChannelHandlerContext ctx, HttpObject msg, List<Obje
             } else {
                 out.add(ReferenceCountUtil.retain(msg));
             }
-        } catch (CryptoException e) {
-            throw new DecoderException("failed to decrypt bytes", e);
+        } catch (Exception e) {
+            throw new OHttpServerDecoderException("failed to decode bytes", e);
         }
     }
 
     @Override
     public final void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
         if (!sentResponse && request != null) {
             sentResponse = true;
-            FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.INTERNAL_SERVER_ERROR);
+
+            // Respond with 4xx status code in case of unable to decode message:
+            // See https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-10.html#section-5.2
+            HttpResponseStatus status = cause instanceof OHttpServerDecoderException ?
+                    HttpResponseStatus.BAD_REQUEST : HttpResponseStatus.INTERNAL_SERVER_ERROR;
+            FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, status);
             HttpUtil.setKeepAlive(response, false);
             onResponse(request, response);
 
@@ -234,6 +239,12 @@ private void destroyContext() {
         }
     }
 
+    private static final class OHttpServerDecoderException extends DecoderException {
+        OHttpServerDecoderException(String msg, Throwable cause) {
+            super(msg, cause);
+        }
+    }
+
     private static final class OHttpServerRequestResponseContext extends OHttpRequestResponseContext {
 
         private final HybridPublicKeyEncryption encryption;