Splitting the resource request into more usable pieces

Raw Path

Preliminaries

This note describes the steps taken by the server to split the raw request path into a resource path, a query string, and key-value parameters.

The HTTP/2 :path pseudo-header contains the requested resource path and any query-string values. Each of the following operations are performed by the Raw Path handler, immediately after the Resource Mask handler has performed any rewrite operations:

  • The raw pseudo-header is split into two halves at the first occurrence of a QUESTION-MARK.
  • The query string, when present, is decomposed into one or more key-value pairs, which are stored in a parameter map.
  • The resource path is canonicalized in order to prevent misuse.

Software engineers who are developing dynamic modules can access this parsed data via the WorkOrder object. These values are apropos to this handler:

  • _resourcePath: the portion of the request header's :path that contains the resource path without any query-string.
  • _queryString: a String that contains the unparsed query-string portion of the request header's :path.
  • _parameterMap: an ES6 Map, where the keys and values are Strings that have been obtained by decomposing the query-string portion of the request's :path header, and reversing any url-encoding that may have existed.

Information headers

If the _resourcePath variable contains any relative path parts (./ or ../), they are normalized by the handler prior to storage. If the normalization yields an absolute file-system path that is outside the website's declared document-root, the request is rejected with a status code 400 and an information header of rw-resource-path-illegal.

If the resource path length is longer than 255 characters, the request is rejected with a status code 414 and an information header of rw-resource-path-length.

Configuration

There are no configurable options associated with this handler.

Review

Key points to remember:

  • The raw path handler is called after the Resource Mask handler.
  • The parsed data is available to dynamic modules via the WorkOrder object.

Splitting the resource request into more usable pieces