RFR: 8355572: Support HTTP Range requests in Simple Web Server [v6]
Daniel Fuchs
dfuchs at openjdk.org
Fri Oct 31 14:48:19 UTC 2025
On Fri, 31 Oct 2025 14:04:49 GMT, Peyang <duke at openjdk.org> wrote:
>> src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java line 310:
>>
>>> 308: return true;
>>> 309: }
>>> 310: servePartialContents(exchange, path, ranges);
>>
>> The RFC says:
>>
>>> A server that supports range requests MAY ignore or reject a [Range](https://www.rfc-editor.org/rfc/rfc9110.html#field.range) header field that contains an invalid [ranges-specifier](https://www.rfc-editor.org/rfc/rfc9110.html#rule.ranges-specifier) ([Section 14.1.1](https://www.rfc-editor.org/rfc/rfc9110.html#range.specifiers)), a [ranges-specifier](https://www.rfc-editor.org/rfc/rfc9110.html#rule.ranges-specifier) with more than two overlapping ranges, or a set of many small ranges that are not listed in ascending order, since these are indications of either a broken client or a deliberate denial-of-service attack ([Section 17.15](https://www.rfc-editor.org/rfc/rfc9110.html#overlapping.ranges)).
>>
>> I would expect a validation of the ranges list before we serve them.
>
> I recall reading this part of the RFC before.
> Since it says *MAY*, and given that this is a simple web server, I wasn't sure if such validations are strictly required,
> so I didn't implement them.
> But if you think it's necessary, I can add them now.
Yes please. I'd prefer to have built-in validation.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28021#discussion_r2481667982
More information about the net-dev
mailing list