Opened 4 years ago

Closed 4 years ago

#6031 enhancement closed fixed (fixed)

Move the request encoder API to Resource

Reported by: therve Owned by: therve
Priority: normal Milestone: Twisted-12.3
Component: web Keywords:
Cc: jknight Branch: branches/encoder-resource-6031-2
branch-diff, diff-cov, branch-cov, buildbot
Author: therve


The new API merged at #104 is on Site, but it doesn't allow to selectively enable encoders on specific path. It's particularly important given the SSL/Zlib attacks on user-generated requests (see for example).

Change History (6)

comment:1 Changed 4 years ago by DefaultCC Plugin

  • Cc jknight added

comment:2 Changed 4 years ago by therve

  • Author set to therve
  • Branch set to branches/encoder-resource-6031

(In [35846]) Branching to 'encoder-resource-6031'

comment:3 Changed 4 years ago by therve

  • Keywords review added
  • Owner therve deleted

Here it is!

comment:4 Changed 4 years ago by therve

  • Branch changed from branches/encoder-resource-6031 to branches/encoder-resource-6031-2

(In [36174]) Branching to 'encoder-resource-6031-2'

comment:5 Changed 4 years ago by exarkun

  • Keywords review removed
  • Owner set to therve

Thanks. Just some minor doc issues:

  1. Seems like EncodingResourceWrapper shouldn't bother talking about the private interface that is used to implement the behavior it provides (since we don't want to encourage users to do anything with this interface).
  2. Would also be nice to see EncodingResourceWrapper be a little more explicit about what it does: (potentially) apply one of the encodings to the response body generated by the wrapped resource. Perhaps also worth mentioning encodings are not inherited by children of the resource.
  3. in the Resource docstring, instead of "It serves 2 main purposes..." I would write "This serves 2 main purposes...".

That's all. Please fix these and then merge (if the build results look good), thanks!

comment:6 Changed 4 years ago by therve

  • Resolution set to fixed
  • Status changed from new to closed

(In [36181]) Merge encoder-resource-6031-2

Author: therve Reviewer: exarkun Fixes: #6031

Move the encoding mechanism logic in twisted.web from Site to a wrapper Resource, so that users can more selectively apply it. In particular, add a note in the documentation about SSL/zlib attacks on user-generated content.

Note: See TracTickets for help on using tickets.