fix: parse latin-1 encoded field values correctly (#715)

Author: JakeChampion

integration-tests/js-compute/fixtures/app/src/headers.js

@@ -0,0 +1,17 @@
+/* eslint-env serviceworker */
+
+import { routes } from "./routes.js";
+import { pass, assert } from "./assertions.js";
+
+routes.set("/headers/non-ascii-latin1-field-value", async () => {
+    let response = await fetch("https://http-me.glitch.me/meow?header=cat:é", {
+        backend: "httpme"
+    })
+
+    let text = response.headers.get('cat')
+    console.log("response.headers.get('cat')", response.headers.get('cat'))
+
+    let error = assert(text, "é", `response.headers.get('cat') === "é"`)
+    if (error) { return error }
+    return pass("ok")
+})

integration-tests/js-compute/fixtures/app/src/index.js

@@ -22,6 +22,7 @@ import "./fanout.js"
 import "./fastly-now.js"
 import "./fetch-errors.js"
 import "./geoip.js"
+import "./headers.js"
 import "./include-bytes.js"
 import "./kv-store.js"
 import "./logger.js"

integration-tests/js-compute/fixtures/app/tests.json

@@ -4725,5 +4725,17 @@
       "status": 200,
       "headers": { "content-length": "11" }
     }
+  },
+
+  "GET /headers/non-ascii-latin1-field-value": {
+    "environments": ["compute", "viceroy"],
+    "downstream_request": {
+      "method": "GET",
+      "pathname": "/headers/non-ascii-latin1-field-value"
+    },
+    "downstream_response": {
+      "status": 200,
+      "body": "ok"
+    }
   }
 }

runtime/js-compute-runtime/builtins/headers.cpp

@@ -4,8 +4,8 @@
 #include "core/sequence.hpp"
 #include "host_interface/host_api.h"
 #include "js-compute-builtins.h"
-
 #include "js/Conversions.h"
+#include <iostream>
 
 namespace builtins {
 
@@ -142,10 +142,27 @@ host_api::HostString normalize_header_value(JSContext *cx, JS::MutableHandleValu
     return nullptr;
   }
 
-  auto value = core::encode(cx, value_str);
-  if (!value) {
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+  if (!JS_DeprecatedStringHasLatin1Chars(value_str)) {
+#pragma clang diagnostic pop
+    JS::AutoCheckCannotGC nogc;
+    size_t length;
+    const char16_t *chars = JS_GetTwoByteStringCharsAndLength(cx, nogc, value_str, &length);
+    for (auto i = 0; i < length; i++) {
+      if (chars[i] > 255) {
+        JS_ReportErrorASCII(cx, "header value contains bytes greater than 255");
+        return nullptr;
+      }
+    }
+  }
+
+  host_api::HostString value;
+  value.ptr = JS_EncodeStringToLatin1(cx, value_str);
+  if (!value.ptr) {
     return nullptr;
   }
+  value.len = JS_GetStringLength(value_str);
 
   auto *value_chars = value.begin();
   size_t start = 0;
@@ -205,8 +222,9 @@ bool append_header_value_to_map(JSContext *cx, JS::HandleObject self,
                                 JS::MutableHandleValue normalized_value) {
   JS::RootedValue existing(cx);
   JS::RootedObject map(cx, get_backing_map(self));
-  if (!JS::MapGet(cx, map, normalized_name, &existing))
+  if (!JS::MapGet(cx, map, normalized_name, &existing)) {
     return false;
+  }
 
   // Existing value must only be null if we're in the process if applying
   // header values from a handle.
@@ -271,7 +289,6 @@ bool retrieve_value_for_header_from_handle(JSContext *cx, JS::HandleObject self,
 
   JS::RootedString name_str(cx, name.toString());
   auto name_chars = core::encode(cx, name_str);
-
   auto ret = mode == Headers::Mode::ProxyToRequest
                  ? host_api::HttpReq{handle}.get_header_values(name_chars)
                  : host_api::HttpResp{handle}.get_header_values(name_chars);
@@ -286,9 +303,9 @@ bool retrieve_value_for_header_from_handle(JSContext *cx, JS::HandleObject self,
     return true;
   }
 
-  JS::RootedString val_str(cx);
   for (auto &str : values.value()) {
-    val_str = JS_NewStringCopyUTF8N(cx, JS::UTF8Chars(str.ptr.get(), str.len));
+    JS::RootedString val_str(
+        cx, JS_NewStringCopyN(cx, reinterpret_cast<char *>(str.ptr.get()), str.len));
     if (!val_str) {
       return false;
     }
@@ -403,29 +420,35 @@ std::vector<std::string_view> splitCookiesString(std::string_view cookiesString)
 
 bool ensure_all_header_values_from_handle(JSContext *cx, JS::HandleObject self,
                                           JS::HandleObject backing_map) {
-  if (!lazy_values(self))
+  if (!lazy_values(self)) {
     return true;
+  }
 
   JS::RootedValue iterable(cx);
-  if (!JS::MapKeys(cx, backing_map, &iterable))
+  if (!JS::MapKeys(cx, backing_map, &iterable)) {
     return false;
+  }
 
   JS::ForOfIterator it(cx);
-  if (!it.init(iterable))
+  if (!it.init(iterable)) {
     return false;
+  }
 
   JS::RootedValue name(cx);
   JS::RootedValue v(cx);
   while (true) {
     bool done;
-    if (!it.next(&name, &done))
+    if (!it.next(&name, &done)) {
       return false;
+    }
 
-    if (done)
+    if (done) {
       break;
+    }
 
-    if (!ensure_value_for_header(cx, self, name, &v))
+    if (!ensure_value_for_header(cx, self, name, &v)) {
       return false;
+    }
   }
 
   JS_SetReservedSlot(self, static_cast<uint32_t>(Headers::Slots::HasLazyValues),
@@ -458,18 +481,22 @@ bool Headers::append_header_value(JSContext *cx, JS::HandleObject self, JS::Hand
     std::string_view value = value_chars;
     if (name == "set-cookie") {
       for (auto value : splitCookiesString(value)) {
+        std::span<uint8_t> v = {reinterpret_cast<uint8_t *>(const_cast<char *>(value.data())),
+                                value.size()};
         auto res = mode == Headers::Mode::ProxyToRequest
-                       ? host_api::HttpReq{handle}.append_header(name, value)
-                       : host_api::HttpResp{handle}.append_header(name, value);
+                       ? host_api::HttpReq{handle}.append_header(name, v)
+                       : host_api::HttpResp{handle}.append_header(name, v);
         if (auto *err = res.to_err()) {
           HANDLE_ERROR(cx, *err);
           return false;
         }
       }
     } else {
+      std::span<uint8_t> v = {reinterpret_cast<uint8_t *>(const_cast<char *>(value.data())),
+                              value.size()};
       auto res = mode == Headers::Mode::ProxyToRequest
-                     ? host_api::HttpReq{handle}.append_header(name, value)
-                     : host_api::HttpResp{handle}.append_header(name, value);
+                     ? host_api::HttpReq{handle}.append_header(name, v)
+                     : host_api::HttpResp{handle}.append_header(name, v);
       if (auto *err = res.to_err()) {
         HANDLE_ERROR(cx, *err);
         return false;
@@ -583,8 +610,10 @@ bool Headers::set(JSContext *cx, unsigned argc, JS::Value *vp) {
     auto handle = get_handle(self);
     std::string_view name = name_chars;
     std::string_view val = value_chars;
-    auto res = mode == Mode::ProxyToRequest ? host_api::HttpReq{handle}.insert_header(name, val)
-                                            : host_api::HttpResp{handle}.insert_header(name, val);
+    std::span<uint8_t> v = {reinterpret_cast<uint8_t *>(const_cast<char *>(val.data())),
+                            val.size()};
+    auto res = mode == Mode::ProxyToRequest ? host_api::HttpReq{handle}.insert_header(name, v)
+                                            : host_api::HttpResp{handle}.insert_header(name, v);
     if (auto *err = res.to_err()) {
       HANDLE_ERROR(cx, *err);
       return false;

runtime/js-compute-runtime/host_interface/component/fastly_world.c

@@ -106,18 +106,18 @@ typedef struct {
 typedef struct {
   bool is_err;
   union {
-    fastly_world_option_string_t ok;
+    fastly_world_option_list_u8_t ok;
     fastly_compute_at_edge_http_req_error_t err;
   } val;
-} fastly_world_result_option_string_fastly_compute_at_edge_http_req_error_t;
+} fastly_world_result_option_list_u8_fastly_compute_at_edge_http_req_error_t;
 
 typedef struct {
   bool is_err;
   union {
-    fastly_world_option_list_string_t ok;
+    fastly_world_option_list_list_u8_t ok;
     fastly_compute_at_edge_http_req_error_t err;
   } val;
-} fastly_world_result_option_list_string_fastly_compute_at_edge_http_req_error_t;
+} fastly_world_result_option_list_list_u8_fastly_compute_at_edge_http_req_error_t;
 
 typedef struct {
   bool is_err;
@@ -194,10 +194,10 @@ typedef struct {
 typedef struct {
   bool is_err;
   union {
-    fastly_world_option_list_string_t ok;
+    fastly_world_option_list_list_u8_t ok;
     fastly_compute_at_edge_http_resp_error_t err;
   } val;
-} fastly_world_result_option_list_string_fastly_compute_at_edge_http_resp_error_t;
+} fastly_world_result_option_list_list_u8_fastly_compute_at_edge_http_resp_error_t;
 
 typedef struct {
   bool is_err;
@@ -2259,24 +2259,24 @@ bool fastly_compute_at_edge_http_req_original_header_count(uint32_t *ret, fastly
   }
 }
 
-bool fastly_compute_at_edge_http_req_header_value_get(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_option_string_t *ret, fastly_compute_at_edge_http_req_error_t *err) {
+bool fastly_compute_at_edge_http_req_header_value_get(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_option_list_u8_t *ret, fastly_compute_at_edge_http_req_error_t *err) {
   __attribute__((__aligned__(4)))
   uint8_t ret_area[16];
   int32_t ptr = (int32_t) &ret_area;
   __wasm_import_fastly_compute_at_edge_http_req_header_value_get((int32_t) (h), (int32_t) (*name).ptr, (int32_t) (*name).len, ptr);
-  fastly_world_result_option_string_fastly_compute_at_edge_http_req_error_t result;
+  fastly_world_result_option_list_u8_fastly_compute_at_edge_http_req_error_t result;
   switch ((int32_t) (*((uint8_t*) (ptr + 0)))) {
     case 0: {
       result.is_err = false;
-      fastly_world_option_string_t option;
+      fastly_world_option_list_u8_t option;
       switch ((int32_t) (*((uint8_t*) (ptr + 4)))) {
         case 0: {
           option.is_some = false;
           break;
         }
         case 1: {
           option.is_some = true;
-          option.val = (fastly_world_string_t) { (char*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
+          option.val = (fastly_world_list_u8_t) { (uint8_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
           break;
         }
       }
@@ -2299,24 +2299,24 @@ bool fastly_compute_at_edge_http_req_header_value_get(fastly_compute_at_edge_htt
   }
 }
 
-bool fastly_compute_at_edge_http_req_header_values_get(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_option_list_string_t *ret, fastly_compute_at_edge_http_req_error_t *err) {
+bool fastly_compute_at_edge_http_req_header_values_get(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_option_list_list_u8_t *ret, fastly_compute_at_edge_http_req_error_t *err) {
   __attribute__((__aligned__(4)))
   uint8_t ret_area[16];
   int32_t ptr = (int32_t) &ret_area;
   __wasm_import_fastly_compute_at_edge_http_req_header_values_get((int32_t) (h), (int32_t) (*name).ptr, (int32_t) (*name).len, ptr);
-  fastly_world_result_option_list_string_fastly_compute_at_edge_http_req_error_t result;
+  fastly_world_result_option_list_list_u8_fastly_compute_at_edge_http_req_error_t result;
   switch ((int32_t) (*((uint8_t*) (ptr + 0)))) {
     case 0: {
       result.is_err = false;
-      fastly_world_option_list_string_t option;
+      fastly_world_option_list_list_u8_t option;
       switch ((int32_t) (*((uint8_t*) (ptr + 4)))) {
         case 0: {
           option.is_some = false;
           break;
         }
         case 1: {
           option.is_some = true;
-          option.val = (fastly_world_list_string_t) { (fastly_world_string_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
+          option.val = (fastly_world_list_list_u8_t) { (fastly_world_list_u8_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
           break;
         }
       }
@@ -2339,7 +2339,7 @@ bool fastly_compute_at_edge_http_req_header_values_get(fastly_compute_at_edge_ht
   }
 }
 
-bool fastly_compute_at_edge_http_req_header_values_set(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_list_string_t *values, fastly_compute_at_edge_http_req_error_t *err) {
+bool fastly_compute_at_edge_http_req_header_values_set(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_list_list_u8_t *values, fastly_compute_at_edge_http_req_error_t *err) {
   __attribute__((__aligned__(1)))
   uint8_t ret_area[2];
   int32_t ptr = (int32_t) &ret_area;
@@ -2364,7 +2364,7 @@ bool fastly_compute_at_edge_http_req_header_values_set(fastly_compute_at_edge_ht
   }
 }
 
-bool fastly_compute_at_edge_http_req_header_insert(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_string_t *value, fastly_compute_at_edge_http_req_error_t *err) {
+bool fastly_compute_at_edge_http_req_header_insert(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_list_u8_t *value, fastly_compute_at_edge_http_req_error_t *err) {
   __attribute__((__aligned__(1)))
   uint8_t ret_area[2];
   int32_t ptr = (int32_t) &ret_area;
@@ -2389,7 +2389,7 @@ bool fastly_compute_at_edge_http_req_header_insert(fastly_compute_at_edge_http_r
   }
 }
 
-bool fastly_compute_at_edge_http_req_header_append(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_string_t *value, fastly_compute_at_edge_http_req_error_t *err) {
+bool fastly_compute_at_edge_http_req_header_append(fastly_compute_at_edge_http_req_request_handle_t h, fastly_world_string_t *name, fastly_world_list_u8_t *value, fastly_compute_at_edge_http_req_error_t *err) {
   __attribute__((__aligned__(1)))
   uint8_t ret_area[2];
   int32_t ptr = (int32_t) &ret_area;
@@ -3299,24 +3299,24 @@ bool fastly_compute_at_edge_http_resp_header_value_get(fastly_compute_at_edge_ht
   }
 }
 
-bool fastly_compute_at_edge_http_resp_header_values_get(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_option_list_string_t *ret, fastly_compute_at_edge_http_resp_error_t *err) {
+bool fastly_compute_at_edge_http_resp_header_values_get(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_option_list_list_u8_t *ret, fastly_compute_at_edge_http_resp_error_t *err) {
   __attribute__((__aligned__(4)))
   uint8_t ret_area[16];
   int32_t ptr = (int32_t) &ret_area;
   __wasm_import_fastly_compute_at_edge_http_resp_header_values_get((int32_t) (h), (int32_t) (*name).ptr, (int32_t) (*name).len, ptr);
-  fastly_world_result_option_list_string_fastly_compute_at_edge_http_resp_error_t result;
+  fastly_world_result_option_list_list_u8_fastly_compute_at_edge_http_resp_error_t result;
   switch ((int32_t) (*((uint8_t*) (ptr + 0)))) {
     case 0: {
       result.is_err = false;
-      fastly_world_option_list_string_t option;
+      fastly_world_option_list_list_u8_t option;
       switch ((int32_t) (*((uint8_t*) (ptr + 4)))) {
         case 0: {
           option.is_some = false;
           break;
         }
         case 1: {
           option.is_some = true;
-          option.val = (fastly_world_list_string_t) { (fastly_world_string_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
+          option.val = (fastly_world_list_list_u8_t) { (fastly_world_list_u8_t*)(*((int32_t*) (ptr + 8))), (size_t)(*((int32_t*) (ptr + 12))) };
           break;
         }
       }
@@ -3339,7 +3339,7 @@ bool fastly_compute_at_edge_http_resp_header_values_get(fastly_compute_at_edge_h
   }
 }
 
-bool fastly_compute_at_edge_http_resp_header_values_set(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_list_string_t *values, fastly_compute_at_edge_http_resp_error_t *err) {
+bool fastly_compute_at_edge_http_resp_header_values_set(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_list_list_u8_t *values, fastly_compute_at_edge_http_resp_error_t *err) {
   __attribute__((__aligned__(1)))
   uint8_t ret_area[2];
   int32_t ptr = (int32_t) &ret_area;
@@ -3364,7 +3364,7 @@ bool fastly_compute_at_edge_http_resp_header_values_set(fastly_compute_at_edge_h
   }
 }
 
-bool fastly_compute_at_edge_http_resp_header_insert(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_string_t *value, fastly_compute_at_edge_http_resp_error_t *err) {
+bool fastly_compute_at_edge_http_resp_header_insert(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_list_u8_t *value, fastly_compute_at_edge_http_resp_error_t *err) {
   __attribute__((__aligned__(1)))
   uint8_t ret_area[2];
   int32_t ptr = (int32_t) &ret_area;
@@ -3389,7 +3389,7 @@ bool fastly_compute_at_edge_http_resp_header_insert(fastly_compute_at_edge_http_
   }
 }
 
-bool fastly_compute_at_edge_http_resp_header_append(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_string_t *value, fastly_compute_at_edge_http_resp_error_t *err) {
+bool fastly_compute_at_edge_http_resp_header_append(fastly_compute_at_edge_http_resp_response_handle_t h, fastly_world_string_t *name, fastly_world_list_u8_t *value, fastly_compute_at_edge_http_resp_error_t *err) {
   __attribute__((__aligned__(1)))
   uint8_t ret_area[2];
   int32_t ptr = (int32_t) &ret_area;