diff options
author | 2015-06-02 14:52:35 -0700 | |
---|---|---|
committer | 2015-06-02 14:52:35 -0700 | |
commit | d3a2d40b1095142c365d1236cf186958ac2f5007 (patch) | |
tree | f74e10b9613242e5315207c72164847e1f0288ba /src/objective-c/GRPCClient | |
parent | b9692ca809e4318ae87995cae771e40c04f7c27f (diff) |
Disallow NSString headers with -bin suffix
Diffstat (limited to 'src/objective-c/GRPCClient')
-rw-r--r-- | src/objective-c/GRPCClient/private/NSDictionary+GRPC.m | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/objective-c/GRPCClient/private/NSDictionary+GRPC.m b/src/objective-c/GRPCClient/private/NSDictionary+GRPC.m index 7705aa46a1..e14e503ae0 100644 --- a/src/objective-c/GRPCClient/private/NSDictionary+GRPC.m +++ b/src/objective-c/GRPCClient/private/NSDictionary+GRPC.m @@ -75,6 +75,19 @@ } - (void)grpc_initMetadata:(grpc_metadata *)metadata withKey:(NSString *)key { + if ([key hasSuffix:@"-bin"]) { + // Disallow this, as at best it will confuse the server. If the app really needs to send a + // textual header with a name ending in "-bin", it can be done by removing the suffix and + // encoding the NSString as a NSData object. + // + // Why raise an exception: In the most common case, the developer knows this won't happen in + // their code, so the exception isn't triggered. In the rare cases when the developer can't + // tell, it's easy enough to add a sanitizing filter before the header is set. There, the + // developer can choose whether to drop such a header, or trim its name. Doing either ourselves, + // silently, would be very unintuitive for the user. + [NSException raise:NSInvalidArgumentException + format:@"Metadata keys ending in '-bin' are reserved for NSData values."]; + } // TODO(jcanizales): Encode Unicode chars as ASCII. metadata->key = key.UTF8String; metadata->value = self.UTF8String; |