Skip to content

Improve HTTP header parsing to handle quoted strings with delimiters #102

New issue
New issue
Open
Open
Improve HTTP header parsing to handle quoted strings with delimiters#102
Labels
area: headersIssues related to headers.bugSomething isn't working
Milestone
Post 1.0 Release
@coderabbitai

Description

@coderabbitai
coderabbitai
bot
opened on Jun 17, 2025

Problem

The current HTTP header parsing implementation in the codebase uses naive string splitting methods that fail when quoted values contain delimiter characters. This affects the ForwardedHeader implementation and potentially other header parsers.

Example Issue

A header value like:

for="[2001:db8:cafe::17]:4711";desc="semi;colon"

Will be incorrectly parsed because the simple split(';') and split('=') methods don't respect quoted strings and escapes.

Current Implementation

The parsing uses:

final pairStrings = elementStr.split(';');
final parts = pairStr.split('=');

Suggested Solutions

  1. Reuse HeaderValue.parse from package:http_parser <-- no such thing
  2. Implement a custom state machine that properly handles quoted strings and escapes
  3. Use a proper HTTP header parser that respects RFC standards

Impact

This is a broader architectural issue that could affect multiple header types beyond just the Forwarded header.

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: headersIssues related to headers.bugSomething isn't working

    Type

    No type

    Projects

    Serverpod Frameworks

    Status

    Backlog 🗂️

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions