Splitting the resource request into more usable pieces
Raw Path
Preliminaries
This note describes the steps taken by the server to split the raw request path into a resource path, a query string, and key-value parameters.
The HTTP/2 :path
pseudo-header contains the requested resource path and any query-string values. Each of the following operations are performed by the Raw Path handler, immediately after the Resource Mask handler has performed any rewrite operations:
- The raw pseudo-header is split into two halves at the first occurrence of a QUESTION-MARK.
- The query string, when present, is decomposed into one or more key-value pairs, which are stored in a parameter map.
- The resource path is canonicalized in order to prevent misuse.
Software engineers who are developing dynamic modules can access this parsed data via the WorkOrder
object. These values are apropos to this handler:
_resourcePath
: the portion of the request header's:path
that contains the resource path without any query-string._queryString
: a String that contains the unparsed query-string portion of the request header's:path
._parameterMap
: an ES6 Map, where the keys and values are Strings that have been obtained by decomposing the query-string portion of the request's:path
header, and reversing any url-encoding that may have existed.
Information headers
If the _resourcePath
variable contains any relative path parts (./
or ../
), they are normalized by the handler prior to storage. If the normalization yields an absolute file-system path that is outside the website's declared document-root
, the request is rejected with a status code 400
and an information header of rw-resource-path-illegal
.
If the resource path length is longer than 255 characters, the request is rejected with a status code 414
and an information header of rw-resource-path-length
.
Configuration
There are no configurable options associated with this handler.
Review
Key points to remember:
- The raw path handler is called after the Resource Mask handler.
- The parsed data is available to dynamic modules via the
WorkOrder
object.