Range request overlap is handled incorrectly #140

Closed
dmkret opened this issue Jul 14, 2022 · 2 comments · Fixed by #147

dmkret commented Jul 14, 2022

RFC 7233, Section 4.4:

The 416 (Range Not Satisfiable) status code indicates that none of
the ranges in the request's Range header field (Section 3.1) overlap
the current extent of the selected resource

For byte ranges, failing to overlap the current extent means that the
first-byte-pos of all of the byte-range-spec values were greater than
the current length of the selected representation.

The current implementation limits the end of the range and returns a 416 error:

let [x, y] = req.headers.range.replace('bytes=', '').split('-');
let end = opts.end = parseInt(y, 10) || stats.size - 1;
let start = opts.start = parseInt(x, 10) || 0;
if (start >= stats.size || end >= stats.size) {
	res.setHeader('Content-Range', `bytes */${stats.size}`);
	res.statusCode = 416;
	return res.end();
}

end can be limited with Math.min, for example, and excluded from the condition:

let [x, y] = req.headers.range.replace('bytes=', '').split('-');
let end = opts.end = Math.min(parseInt(y, 10) || stats.size - 1, stats.size - 1);
let start = opts.start = parseInt(x, 10) || 0;

if (start >= stats.size) {
	res.setHeader('Content-Range', `bytes */${stats.size}`);
	res.statusCode = 416;
	return res.end();
}
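
An added example, not code from this issue or from the project: a stand-alone resolver for a single byte range that answers 416 only when the first byte position is at or past the file size, and clamps an oversized end instead of rejecting it. It goes beyond the snippet above by also covering the open-ended (`bytes=500-`) and suffix (`bytes=-200`) forms; `resolveRange`, `unsatisfiable` and the returned object shape are hypothetical names.

```javascript
// Hypothetical helper (not the project's code): resolve one Range header
// value against the current size of the file being served.
function unsatisfiable(size) {
	return { status: 416, headers: { 'Content-Range': `bytes */${size}` } };
}

function resolveRange(header, size) {
	const full = { status: 200 }; // ignore Range and serve the whole file
	const m = /^bytes=(\d*)-(\d*)$/i.exec(String(header).trim());
	// Other units, multiple ranges and garbage are ignored rather than rejected.
	if (!m || (m[1] === '' && m[2] === '')) return full;

	let start, end;
	if (m[1] === '') {
		// Suffix form "bytes=-N": the last N bytes of the file.
		const n = Number(m[2]);
		if (n === 0) return unsatisfiable(size);
		if (size === 0) return full; // empty file: nothing to slice
		start = Math.max(size - n, 0);
		end = size - 1;
	} else {
		start = Number(m[1]);
		// last-byte-pos below first-byte-pos is an invalid spec: ignore the header.
		if (m[2] !== '' && Number(m[2]) < start) return full;
		// The only 416 case: first-byte-pos does not overlap the file.
		if (start >= size) return unsatisfiable(size);
		// Absent or oversized last-byte-pos means "through the end of the file".
		end = m[2] === '' ? size - 1 : Math.min(Number(m[2]), size - 1);
	}
	return {
		status: 206,
		start,
		end, // inclusive, always < size, safe to hand to a read stream
		headers: {
			'Content-Range': `bytes ${start}-${end}/${size}`,
			'Content-Length': String(end - start + 1),
		},
	};
}
```
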

bfanger commented Feb 17, 2023

For ranges of bytes, if the first byte of the specified range was greater than the length of the sequence, then this error message will be returned.

https://http.dev/416

This is giving problems on Microsoft Azure Platform where a lot of range: bytes=0-8388607 requests are made by Azure Front Door.

@alexbjorlig

@lukeed what do you think about #147? Is it not a low-risk PR - fixing a rather big problem? (LinkedIn sends a 'range' => 'bytes=0-3145727' when previewing links.)
