http 5.1.1 → 5.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ef55bbff996952784d0917931b8eaa6f12a1adfc9cc480daf098cbc8cd8f6107
-  data.tar.gz: 222f8e8723969f89994fe2a0692c41786e450c200c45b84f5c8418f736254a64
+  metadata.gz: 8593353cd2283b2ac49c557ff71d5f1a668066dbac59b3d2a6f59429b9b2f5e8
+  data.tar.gz: e9316b3c4dd519825eeaa255a4f86932ce4a9e7f374f9be8273ca4051f5b9c3d
 SHA512:
-  metadata.gz: 49b0c9e508fb02fca9d9e8a26d707202c5ac67bbdf73fce15b616b321545a3a32be96eb9e23f4d389687ad1720372eaba4412e18d800c5d29fab5bb0f4bc0d93
-  data.tar.gz: 1b2e22b2b33abe8059e78535556a15c53959b321fb225cd84153d5a8ea608ba4d03ead9cf018720f63b1e7c27c477f8c3f1b151cae60f2d50b6811e7dd9f5bcc
+  metadata.gz: 0ae34b411a233ca8601aebe2295f2a1d8e0bec7e742a95fdd6e075b4f7dd3c68d42448cfbac1146b645ee59424e91af8eb3878c43e7a7fb17c3569681cf4ccf3
+  data.tar.gz: a76bc0a41338e67677370014d803ea79e3a34078172cc81491f31b085613394c7290b2402e199a2e1de77c7fecf7e05fde8fc2d9924016105ce429751f202e85

data/.github/workflows/ci.yml

@@ -2,9 +2,9 @@ name: CI
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, 5-x-stable ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, 5-x-stable ]
 
 env:
   BUNDLE_WITHOUT: "development"
@@ -16,11 +16,11 @@ jobs:
 
     strategy:
       matrix:
-        ruby: [ ruby-2.6, ruby-2.7, ruby-3.0, ruby-3.1 ]
+        ruby: [ ruby-2.6, ruby-2.7, ruby-3.0, ruby-3.1, ruby-3.2, ruby-3.3 ]
         os: [ ubuntu-latest ]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - uses: ruby/setup-ruby@v1
         with:
@@ -30,14 +30,6 @@ jobs:
       - name: bundle exec rspec
         run: bundle exec rspec --format progress --force-colour
 
-      - name: Prepare Coveralls test coverage report
-        uses: coverallsapp/github-action@v1.1.2
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          flag-name: "${{ matrix.ruby }} @${{ matrix.os }}"
-          path-to-lcov: ./coverage/lcov/lcov.info
-          parallel: true
-
   test-flaky:
     runs-on: ${{ matrix.os }}
 
@@ -47,7 +39,7 @@ jobs:
         os: [ ubuntu-latest ]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - uses: ruby/setup-ruby@v1
         with:
@@ -58,21 +50,11 @@ jobs:
         continue-on-error: true
         run: bundle exec rspec --format progress --force-colour
 
-  coveralls:
-    needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Finalize Coveralls test coverage report
-        uses: coverallsapp/github-action@master
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          parallel-finished: true
-
   lint:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - uses: ruby/setup-ruby@v1
         with:

data/.rubocop/metrics.yml

@@ -0,0 +1,4 @@
+Metrics/BlockLength:
+  Exclude:
+    - 'spec/**/*.rb'
+    - '*.gemspec'

data/.rubocop.yml

@@ -1,6 +1,7 @@
 inherit_from:
   - .rubocop_todo.yml
   - .rubocop/layout.yml
+  - .rubocop/metrics.yml
   - .rubocop/style.yml
 
 AllCops:

data/CHANGELOG.md

@@ -0,0 +1,41 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [5.2.0] - 2024-02-05
+
+### Added
+
+- Add `Connection#finished_request?`
+  ([#743](https://github.com/httprb/http/pull/743))
+- Add `Instrumentation#on_error`
+  ([#746](https://github.com/httprb/http/pull/746))
+- Add `base64` dependency (suppresses warnings on Ruby 3.0)
+  ([#759](https://github.com/httprb/http/pull/759))
+- Add `PURGE` HTTP verb
+  ([#757](https://github.com/httprb/http/pull/757))
+- Add Ruby-3.3 support
+
+### Changed
+
+- **BREAKING** Process features in reverse order
+  ([#766](https://github.com/httprb/http/pull/766))
+- **BREAKING** Downcase Content-Type charset name
+  ([#753](https://github.com/httprb/http/pull/753))
+- **BREAKING** Make URI normalization more conservative
+  ([#758](https://github.com/httprb/http/pull/758))
+
+### Fixed
+
+- Close sockets on initialize failure
+  ([#762](https://github.com/httprb/http/pull/762))
+- Prevent CRLF injection due to broken URL normalizer
+  ([#765](https://github.com/httprb/http/pull/765))
+
+[unreleased]: https://github.com/httprb/http/compare/v5.2.0...5-x-stable
+[5.2.0]: https://github.com/httprb/http/compare/v5.1.1...v5.2.0

data/{CHANGES.md → CHANGES_OLD.md}

@@ -54,7 +54,7 @@
   Use features on redirected requests.
   ([@nomis])
 
-* [#678](https://github.com/schwern)
+* [#678](https://github.com/httprb/http/pull/678)
   Restore `HTTP::Response` `:uri` option for backwards compatibility.
   ([@schwern])
 

data/README.md

@@ -110,11 +110,13 @@ and call `#readpartial` on it repeatedly until it returns `nil`:
 This library aims to support and is [tested against][build-link]
 the following Ruby  versions:
 
+- JRuby 9.3
 - Ruby 2.6
 - Ruby 2.7
 - Ruby 3.0
 - Ruby 3.1
-- JRuby 9.3
+- Ruby 3.2
+- Ruby 3.3
 
 If something doesn't work on one of these versions, it's a bug.
 
@@ -160,5 +162,5 @@ See LICENSE.txt for further details.
 [//]: # (links)
 
 [documentation]: https://github.com/httprb/http/wiki
-[requests]: http://docs.python-requests.org/en/latest/
+[requests]: https://docs.python-requests.org/en/latest/
 [llhttp]: https://llhttp.org/

data/SECURITY.md

@@ -1,5 +1,17 @@
 # Security Policy
 
+## Supported Versions
+
+Security updates are applied only to the most recent release.
+
 ## Reporting a Vulnerability
 
-Please report security issues to `bascule@gmail.com`
+If you have discovered a security vulnerability in this project, please report
+it privately. **Do not disclose it as a public issue.** This gives us time to
+work with you to fix the issue before public exposure, reducing the chance that
+the exploit will be used before a patch is released.
+
+Please disclose it at [security advisory](https://github.com/httprb/http/security/advisories/new).
+
+This project is maintained by a team of volunteers on a reasonable-effort basis.
+As such, please give us at least 90 days to work on a fix before public exposure.

data/http.gemspec

@@ -28,9 +28,10 @@ Gem::Specification.new do |gem|
   gem.required_ruby_version = ">= 2.6"
 
   gem.add_runtime_dependency "addressable",    "~> 2.8"
+  gem.add_runtime_dependency "base64",         "~> 0.1"
   gem.add_runtime_dependency "http-cookie",    "~> 1.0"
   gem.add_runtime_dependency "http-form_data", "~> 2.2"
-  gem.add_runtime_dependency "llhttp-ffi",     "~> 0.4.0"
+  gem.add_runtime_dependency "llhttp-ffi",     "~> 0.5.0"
 
   gem.add_development_dependency "bundler", "~> 2.0"
 
@@ -38,7 +39,7 @@ Gem::Specification.new do |gem|
     "source_code_uri"       => "https://github.com/httprb/http",
     "wiki_uri"              => "https://github.com/httprb/http/wiki",
     "bug_tracker_uri"       => "https://github.com/httprb/http/issues",
-    "changelog_uri"         => "https://github.com/httprb/http/blob/v#{HTTP::VERSION}/CHANGES.md",
+    "changelog_uri"         => "https://github.com/httprb/http/blob/v#{HTTP::VERSION}/CHANGELOG.md",
     "rubygems_mfa_required" => "true"
   }
 end

data/lib/http/client.rb

@@ -184,7 +184,7 @@ module HTTP
         form
       when opts.json
         body = MimeType[:json].encode opts.json
-        headers[Headers::CONTENT_TYPE] ||= "application/json; charset=#{body.encoding.name}"
+        headers[Headers::CONTENT_TYPE] ||= "application/json; charset=#{body.encoding.name.downcase}"
         body
       end
     end

data/lib/http/connection.rb

@@ -46,6 +46,9 @@ module HTTP
       reset_timer
     rescue IOError, SocketError, SystemCallError => e
       raise ConnectionError, "failed to connect: #{e}", e.backtrace
+    rescue TimeoutError
+      close
+      raise
     end
 
     # @see (HTTP::Response::Parser#status_code)
@@ -126,12 +129,16 @@ module HTTP
     # Close the connection
     # @return [void]
     def close
-      @socket.close unless @socket.closed?
+      @socket.close unless @socket&.closed?
 
       @pending_response = false
       @pending_request  = false
     end
 
+    def finished_request?
+      !@pending_request && !@pending_response
+    end
+
     # Whether we're keeping the conn alive
     # @return [Boolean]
     def keep_alive?

data/lib/http/features/instrumentation.rb

@@ -19,11 +19,12 @@ module HTTP
     #    and `finish` so the duration of the request can be calculated.
     #
     class Instrumentation < Feature
-      attr_reader :instrumenter, :name
+      attr_reader :instrumenter, :name, :error_name
 
       def initialize(instrumenter: NullInstrumenter.new, namespace: "http")
         @instrumenter = instrumenter
         @name = "request.#{namespace}"
+        @error_name = "error.#{namespace}"
       end
 
       def wrap_request(request)
@@ -39,6 +40,10 @@ module HTTP
         response
       end
 
+      def on_error(request, error)
+        instrumenter.instrument(error_name, :request => request, :error => error)
+      end
+
       HTTP::Options.register_feature(:instrumentation, self)
 
       class NullInstrumenter

data/lib/http/request.rb

@@ -49,7 +49,10 @@ module HTTP
       :search,
 
       # RFC 4791: Calendaring Extensions to WebDAV -- CalDAV
-      :mkcalendar
+      :mkcalendar,
+
+      # Implemented by several caching servers, like Squid, Varnish or Fastly
+      :purge
     ].freeze
 
     # Allowed schemes
@@ -172,7 +175,9 @@ module HTTP
           uri.omit(:fragment)
         else
           uri.request_uri
-        end
+        end.to_s
+
+      raise RequestError, "Invalid request URI: #{request_uri.inspect}" if request_uri.match?(/\s/)
 
       "#{verb.to_s.upcase} #{request_uri} HTTP/#{version}"
     end
@@ -230,7 +235,11 @@ module HTTP
 
     # @return [String] Default host (with port if needed) header value.
     def default_host_header_value
-      PORTS[@scheme] == port ? host : "#{host}:#{port}"
+      value = PORTS[@scheme] == port ? host : "#{host}:#{port}"
+
+      raise RequestError, "Invalid host: #{value.inspect}" if value.match?(/\s/)
+
+      value
     end
 
     def prepare_body(body)

data/lib/http/timeout/null.rb

@@ -1,15 +1,10 @@
 # frozen_string_literal: true
 
-require "forwardable"
 require "io/wait"
 
 module HTTP
   module Timeout
     class Null
-      extend Forwardable
-
-      def_delegators :@socket, :close, :closed?
-
       attr_reader :options, :socket
 
       def initialize(options = {})
@@ -27,6 +22,14 @@ module HTTP
         @socket.connect
       end
 
+      def close
+        @socket&.close
+      end
+
+      def closed?
+        @socket&.closed?
+      end
+
       # Configures the SSL connection and starts the connection
       def start_tls(host, ssl_socket_class, ssl_context)
         @socket = ssl_socket_class.new(socket, ssl_context)

data/lib/http/uri.rb

@@ -37,6 +37,9 @@ module HTTP
     # @private
     HTTPS_SCHEME = "https"
 
+    # @private
+    PERCENT_ENCODE = /[^\x21-\x7E]+/.freeze
+
     # @private
     NORMALIZER = lambda do |uri|
       uri = HTTP::URI.parse uri
@@ -44,8 +47,8 @@ module HTTP
       HTTP::URI.new(
         :scheme    => uri.normalized_scheme,
         :authority => uri.normalized_authority,
-        :path      => uri.normalized_path,
-        :query     => uri.query,
+        :path      => uri.path.empty? ? "/" : percent_encode(Addressable::URI.normalize_path(uri.path)),
+        :query     => percent_encode(uri.query),
         :fragment  => uri.normalized_fragment
       )
     end
@@ -71,6 +74,19 @@ module HTTP
       Addressable::URI.form_encode(form_values, sort)
     end
 
+    # Percent-encode all characters matching a regular expression.
+    #
+    # @param [String] string raw string
+    #
+    # @return [String] encoded value
+    #
+    # @private
+    def self.percent_encode(string)
+      string&.gsub(PERCENT_ENCODE) do |substr|
+        substr.encode(Encoding::UTF_8).bytes.map { |c| format("%%%02X", c) }.join
+      end
+    end
+
     # Creates an HTTP::URI instance from the given options
     #
     # @param [Hash, Addressable::URI] options_or_uri

data/lib/http/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module HTTP
-  VERSION = "5.1.1"
+  VERSION = "5.2.0"
 end

data/spec/lib/http/client_spec.rb

@@ -261,6 +261,7 @@ RSpec.describe HTTP::Client do
 
       expect(HTTP::Request).to receive(:new) do |opts|
         expect(opts[:body]).to eq '{"foo":"bar"}'
+        expect(opts[:headers]["Content-Type"]).to eq "application/json; charset=utf-8"
       end
 
       client.get("http://example.com/", :json => {:foo => :bar})

data/spec/lib/http/connection_spec.rb

@@ -8,11 +8,31 @@ RSpec.describe HTTP::Connection do
       :headers => {}
     )
   end
-  let(:socket) { double(:connect => nil) }
+  let(:socket) { double(:connect => nil, :close => nil) }
   let(:timeout_class) { double(:new => socket) }
   let(:opts) { HTTP::Options.new(:timeout_class => timeout_class) }
   let(:connection) { HTTP::Connection.new(req, opts) }
 
+  describe "#initialize times out" do
+    let(:req) do
+      HTTP::Request.new(
+        :verb    => :get,
+        :uri     => "https://example.com/",
+        :headers => {}
+      )
+    end
+
+    before do
+      expect(socket).to receive(:start_tls).and_raise(HTTP::TimeoutError)
+      expect(socket).to receive(:closed?) { false }
+      expect(socket).to receive(:close)
+    end
+
+    it "closes the connection" do
+      expect { connection }.to raise_error(HTTP::TimeoutError)
+    end
+  end
+
   describe "#read_headers!" do
     before do
       connection.instance_variable_set(:@pending_response, true)
@@ -58,9 +78,11 @@ RSpec.describe HTTP::Connection do
       connection.read_headers!
       buffer = String.new
       while (s = connection.readpartial(3))
+        expect(connection.finished_request?).to be false if s != ""
         buffer << s
       end
       expect(buffer).to eq "1234567890"
+      expect(connection.finished_request?).to be true
     end
   end
 end

data/spec/lib/http/features/instrumentation_spec.rb

@@ -59,4 +59,23 @@ RSpec.describe HTTP::Features::Instrumentation do
       expect(instrumenter.output[:finish]).to eq(:response => response)
     end
   end
+
+  describe "logging errors" do
+    let(:request) do
+      HTTP::Request.new(
+        :verb    => :post,
+        :uri     => "https://example.com/",
+        :headers => {:accept => "application/json"},
+        :body    => '{"hello": "world!"}'
+      )
+    end
+
+    let(:error) { HTTP::TimeoutError.new }
+
+    it "should log the error" do
+      feature.on_error(request, error)
+
+      expect(instrumenter.output[:finish]).to eq(:request => request, :error => error)
+    end
+  end
 end

data/spec/lib/http/options/headers_spec.rb

@@ -14,7 +14,11 @@ RSpec.describe HTTP::Options, "headers" do
   end
 
   it "accepts any object that respond to :to_hash" do
-    x = Struct.new(:to_hash).new("accept" => "json")
+    x = if RUBY_VERSION >= "3.2.0"
+          Data.define(:to_hash).new(:to_hash => { "accept" => "json" })
+        else
+          Struct.new(:to_hash).new({ "accept" => "json" })
+        end
     expect(opts.with_headers(x).headers["accept"]).to eq("json")
   end
 end

data/spec/lib/http/uri/normalizer_spec.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+RSpec.describe HTTP::URI::NORMALIZER do
+  describe "scheme" do
+    it "lower-cases scheme" do
+      expect(HTTP::URI::NORMALIZER.call("HttP://example.com").scheme).to eq "http"
+    end
+  end
+
+  describe "hostname" do
+    it "lower-cases hostname" do
+      expect(HTTP::URI::NORMALIZER.call("http://EXAMPLE.com").host).to eq "example.com"
+    end
+
+    it "decodes percent-encoded hostname" do
+      expect(HTTP::URI::NORMALIZER.call("http://ex%61mple.com").host).to eq "example.com"
+    end
+
+    it "removes trailing period in hostname" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com.").host).to eq "example.com"
+    end
+
+    it "IDN-encodes non-ASCII hostname" do
+      expect(HTTP::URI::NORMALIZER.call("http://exämple.com").host).to eq "xn--exmple-cua.com"
+    end
+  end
+
+  describe "path" do
+    it "ensures path is not empty" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com").path).to eq "/"
+    end
+
+    it "preserves double slashes in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com//a///b").path).to eq "//a///b"
+    end
+
+    it "resolves single-dot segments in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/a/./b").path).to eq "/a/b"
+    end
+
+    it "resolves double-dot segments in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/a/b/../c").path).to eq "/a/c"
+    end
+
+    it "resolves leading double-dot segments in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/../a/b").path).to eq "/a/b"
+    end
+
+    it "percent-encodes control characters in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/\x00\x7F\n").path).to eq "/%00%7F%0A"
+    end
+
+    it "percent-encodes space in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/a b").path).to eq "/a%20b"
+    end
+
+    it "percent-encodes non-ASCII characters in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/キョ").path).to eq "/%E3%82%AD%E3%83%A7"
+    end
+
+    it "does not percent-encode non-special characters in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/~.-_!$&()*,;=:@{}").path).to eq "/~.-_!$&()*,;=:@{}"
+    end
+
+    it "preserves escape sequences in path" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/%41").path).to eq "/%41"
+    end
+  end
+
+  describe "query" do
+    it "allows no query" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com").query).to be_nil
+    end
+
+    it "percent-encodes control characters in query" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/?\x00\x7F\n").query).to eq "%00%7F%0A"
+    end
+
+    it "percent-encodes space in query" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/?a b").query).to eq "a%20b"
+    end
+
+    it "percent-encodes non-ASCII characters in query" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com?キョ").query).to eq "%E3%82%AD%E3%83%A7"
+    end
+
+    it "does not percent-encode non-special characters in query" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/?~.-_!$&()*,;=:@{}?").query).to eq "~.-_!$&()*,;=:@{}?"
+    end
+
+    it "preserves escape sequences in query" do
+      expect(HTTP::URI::NORMALIZER.call("http://example.com/?%41").query).to eq "%41"
+    end
+  end
+end

data/spec/lib/http_spec.rb

@@ -460,20 +460,37 @@ RSpec.describe HTTP do
 
     context "with :normalize_uri" do
       it "normalizes URI" do
-        response = HTTP.get "#{dummy.endpoint}/hello world"
+        response = HTTP.get "#{dummy.endpoint}/héllö-wörld"
         expect(response.to_s).to eq("hello world")
       end
 
       it "uses the custom URI Normalizer method" do
         client = HTTP.use(:normalize_uri => {:normalizer => :itself.to_proc})
-        response = client.get("#{dummy.endpoint}/hello world")
+        response = client.get("#{dummy.endpoint}/héllö-wörld")
         expect(response.status).to eq(400)
       end
 
+      it "raises if custom URI Normalizer returns invalid path" do
+        client = HTTP.use(:normalize_uri => {:normalizer => :itself.to_proc})
+        expect { client.get("#{dummy.endpoint}/hello\nworld") }.
+          to raise_error HTTP::RequestError, 'Invalid request URI: "/hello\nworld"'
+      end
+
+      it "raises if custom URI Normalizer returns invalid host" do
+        normalizer = lambda do |uri|
+          uri.port = nil
+          uri.instance_variable_set(:@host, "example\ncom")
+          uri
+        end
+        client = HTTP.use(:normalize_uri => {:normalizer => normalizer})
+        expect { client.get(dummy.endpoint) }.
+          to raise_error HTTP::RequestError, 'Invalid host: "example\ncom"'
+      end
+
       it "uses the default URI normalizer" do
         client = HTTP.use :normalize_uri
         expect(HTTP::URI::NORMALIZER).to receive(:call).and_call_original
-        response = client.get("#{dummy.endpoint}/hello world")
+        response = client.get("#{dummy.endpoint}/héllö-wörld")
         expect(response.to_s).to eq("hello world")
       end
     end

data/spec/support/dummy_server/servlet.rb

@@ -9,9 +9,9 @@ class DummyServer < WEBrick::HTTPServer
       @sockets ||= []
     end
 
-    def not_found(_req, res)
+    def not_found(req, res)
       res.status = 404
-      res.body   = "Not Found"
+      res.body   = "#{req.unparsed_uri} not found"
     end
 
     def self.handlers
@@ -27,7 +27,7 @@ class DummyServer < WEBrick::HTTPServer
         def do_#{method.upcase}(req, res)
           handler = self.class.handlers["#{method}:\#{req.path}"]
           return instance_exec(req, res, &handler) if handler
-          not_found
+          not_found(req, res)
         end
       RUBY
     end
@@ -68,7 +68,7 @@ class DummyServer < WEBrick::HTTPServer
     end
 
     get "/params" do |req, res|
-      next not_found unless "foo=bar" == req.query_string
+      next not_found(req, res) unless "foo=bar" == req.query_string
 
       res.status = 200
       res.body   = "Params!"
@@ -77,7 +77,7 @@ class DummyServer < WEBrick::HTTPServer
     get "/multiple-params" do |req, res|
       params = CGI.parse req.query_string
 
-      next not_found unless {"foo" => ["bar"], "baz" => ["quux"]} == params
+      next not_found(req, res) unless {"foo" => ["bar"], "baz" => ["quux"]} == params
 
       res.status = 200
       res.body   = "More Params!"
@@ -149,7 +149,7 @@ class DummyServer < WEBrick::HTTPServer
       res.body   = req.body
     end
 
-    get "/hello world" do |_req, res|
+    get "/héllö-wörld".b do |_req, res|
       res.status = 200
       res.body   = "hello world"
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: http
 version: !ruby/object:Gem::Version
-  version: 5.1.1
+  version: 5.2.0
 platform: ruby
 authors:
 - Tony Arcieri
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-17 00:00:00.000000000 Z
+date: 2024-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -27,6 +27,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.8'
+- !ruby/object:Gem::Dependency
+  name: base64
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: http-cookie
   requirement: !ruby/object:Gem::Requirement
@@ -61,14 +75,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: 0.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: 0.5.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -96,10 +110,12 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".rubocop/layout.yml"
+- ".rubocop/metrics.yml"
 - ".rubocop/style.yml"
 - ".rubocop_todo.yml"
 - ".yardopts"
-- CHANGES.md
+- CHANGELOG.md
+- CHANGES_OLD.md
 - CONTRIBUTING.md
 - Gemfile
 - Guardfile
@@ -169,6 +185,7 @@ files:
 - spec/lib/http/response/parser_spec.rb
 - spec/lib/http/response/status_spec.rb
 - spec/lib/http/response_spec.rb
+- spec/lib/http/uri/normalizer_spec.rb
 - spec/lib/http/uri_spec.rb
 - spec/lib/http_spec.rb
 - spec/regression_specs.rb
@@ -192,7 +209,7 @@ metadata:
   source_code_uri: https://github.com/httprb/http
   wiki_uri: https://github.com/httprb/http/wiki
   bug_tracker_uri: https://github.com/httprb/http/issues
-  changelog_uri: https://github.com/httprb/http/blob/v5.1.1/CHANGES.md
+  changelog_uri: https://github.com/httprb/http/blob/v5.2.0/CHANGELOG.md
   rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
@@ -209,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.5.4
 signing_key:
 specification_version: 4
 summary: HTTP should be easy
@@ -240,6 +257,7 @@ test_files:
 - spec/lib/http/response/parser_spec.rb
 - spec/lib/http/response/status_spec.rb
 - spec/lib/http/response_spec.rb
+- spec/lib/http/uri/normalizer_spec.rb
 - spec/lib/http/uri_spec.rb
 - spec/lib/http_spec.rb
 - spec/regression_specs.rb