
Printing method in response without validation #6

Open
YasserGersy opened this issue Aug 20, 2016 · 3 comments

Comments

@YasserGersy

When you request a page with a non-standard method like GETTTTT22, the server responds with an "invalid method" error and prints the value back, so we can inject HTML elements into the method field (without spaces)
and the server will print it back.
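
As an added illustration of the mitigation (written in Python, not code from cowboyku, vegur or the reporter), the following checks the request method against the RFC 7230 token grammar and never reflects an unvalidated or unescaped value in an error body; `KNOWN_METHODS` is an assumed list, not cowboyku's.

```python
import html
import re

# RFC 7230 section 3.2.6 "token": one or more tchar, which excludes
# whitespace, control characters and delimiters such as < > / = " ( ).
_TCHAR_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Methods this hypothetical server implements (assumption, not cowboyku's list).
KNOWN_METHODS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"})


def is_token(method: str) -> bool:
    """True iff the method is a syntactically valid HTTP token."""
    return bool(_TCHAR_RE.match(method))


def classify_method(method: str) -> str:
    """'known' (implemented), 'unknown' (valid token, not implemented) or 'malformed'."""
    if not is_token(method):
        return "malformed"
    return "known" if method in KNOWN_METHODS else "unknown"


def status_for(method: str) -> int:
    """Malformed request lines get 400; valid but unsupported tokens get 501."""
    return {"malformed": 400, "unknown": 501, "known": 200}[classify_method(method)]


def error_body(method: str) -> str:
    """Build an error body that never echoes untrusted bytes unescaped.

    A malformed method is not reflected at all (generic message); a valid but
    unknown token is reflected only after HTML-escaping, as defence in depth
    (tchar still permits characters such as ' and & that matter inside HTML).
    """
    kind = classify_method(method)
    if kind == "malformed":
        return "<html><body><h1>400 Bad Request</h1><p>Malformed request line.</p></body></html>"
    if kind == "unknown":
        return ("<html><body><h1>501 Not Implemented</h1><p>Method "
                + html.escape(method, quote=True) + " is not supported.</p></body></html>")
    return ""  # known method: no error body needed
```

The token check alone rejects the bracketed markup described in the report, and the escaping covers token-legal characters that would otherwise break out of an attribute.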

@ferd
Contributor

ferd commented Aug 21, 2016

Ah, I don't think that it would be a good idea to use cowboyku without vegur. Just use the standard cowboy then. cowboyku is a fork of cowboy with the explicit objective of not holding people back on a specific cowboy version.

This bug is ignored by vegur as a proxy since, well, it is a proxy.

@YasserGersy YasserGersy changed the title Method Injection Printing method in response without validation Aug 22, 2016
@YasserGersy
Author

Any link to documentation?

@ferd
Contributor

ferd commented Aug 22, 2016

The README for vegur contains all relevant information for vegur.

This library's own README contains relevant information to the forking of cowboy (with my own emphasis added):

Cowboy is a small, fast and modular HTTP server written in Erlang. Cowboyku is a fork of that server used in conjunction with vegur, Heroku's HTTP proxy library.

It is functionally equivalent to Cowboy 0.10.0, with custom patches added in to function properly as a proxy's web server (proxies and HTTP servers have slightly varying specifications) and parser.

Cowboyku is not expected to be used standalone. It is rather a fork used so that both Cowboy and Vegur might be used from within the same virtual machine without holding users of Cowboy back. This allows Heroku to maintain a stable proxy, upgraded at a pace we judge adequate for the production applications on our platform, while any user of the proxy might develop interfaces and matching work on a newer Cowboy version as required.

There is no long-term guarantee this library will be used or maintained. Depending on developments in the Cowboy servers and Heroku's Routing team agenda, we might eventually just drop this fork and go back to mainline (or update it) without further notice.

If you're looking for a web server, you should just use cowboy directly.
