Opened 2 years ago

Closed 23 months ago

#6031 enhancement closed fixed (fixed)

Move the request encoder API to Resource

Reported by: therve Owned by: therve
Priority: normal Milestone: Twisted-12.3
Component: web Keywords:
Cc: jknight Branch: branches/encoder-resource-6031-2
(diff, github, buildbot, log)
Author: therve Launchpad Bug:

Description

The new API merged at #104 is on Site, but it doesn't allow to selectively enable encoders on specific path. It's particularly important given the SSL/Zlib attacks on user-generated requests (see https://bugzilla.redhat.com/show_bug.cgi?id=857051 for example).

Change History (6)

comment:1 Changed 2 years ago by DefaultCC Plugin

  • Cc jknight added

comment:2 Changed 2 years ago by therve

  • Author set to therve
  • Branch set to branches/encoder-resource-6031

(In [35846]) Branching to 'encoder-resource-6031'

comment:3 Changed 2 years ago by therve

  • Keywords review added
  • Owner therve deleted

Here it is!

comment:4 Changed 23 months ago by therve

  • Branch changed from branches/encoder-resource-6031 to branches/encoder-resource-6031-2

(In [36174]) Branching to 'encoder-resource-6031-2'

comment:5 Changed 23 months ago by exarkun

  • Keywords review removed
  • Owner set to therve

Thanks. Just some minor doc issues:

  1. Seems like EncodingResourceWrapper shouldn't bother talking about the private interface that is used to implement the behavior it provides (since we don't want to encourage users to do anything with this interface).
  2. Would also be nice to see EncodingResourceWrapper be a little more explicit about what it does: (potentially) apply one of the encodings to the response body generated by the wrapped resource. Perhaps also worth mentioning encodings are not inherited by children of the resource.
  3. in the Resource docstring, instead of "It serves 2 main purposes..." I would write "This serves 2 main purposes...".

That's all. Please fix these and then merge (if the build results look good), thanks!

comment:6 Changed 23 months ago by therve

  • Resolution set to fixed
  • Status changed from new to closed

(In [36181]) Merge encoder-resource-6031-2

Author: therve
Reviewer: exarkun
Fixes: #6031

Move the encoding mechanism logic in twisted.web from Site to a wrapper
Resource, so that users can more selectively apply it. In particular, add a
note in the documentation about SSL/zlib attacks on user-generated content.

Note: See TracTickets for help on using tickets.