Opened 5 years ago

Closed 5 years ago

#6031 enhancement closed fixed (fixed)

Move the request encoder API to Resource

Reported by: therve Owned by: therve
Priority: normal Milestone: Twisted-12.3
Component: web Keywords:
Cc: jknight Branch: branches/encoder-resource-6031-2
branch-diff, diff-cov, branch-cov, buildbot
Author: therve

Description

The new API merged at #104 is on Site, but it doesn't allow to selectively enable encoders on specific path. It's particularly important given the SSL/Zlib attacks on user-generated requests (see https://bugzilla.redhat.com/show_bug.cgi?id=857051 for example).

Change History (6)

comment:1 Changed 5 years ago by DefaultCC Plugin

Cc: jknight added

comment:2 Changed 5 years ago by therve

Author: therve
Branch: branches/encoder-resource-6031

(In [35846]) Branching to 'encoder-resource-6031'

comment:3 Changed 5 years ago by therve

Keywords: review added
Owner: therve deleted

Here it is!

comment:4 Changed 5 years ago by therve

Branch: branches/encoder-resource-6031branches/encoder-resource-6031-2

(In [36174]) Branching to 'encoder-resource-6031-2'

comment:5 Changed 5 years ago by Jean-Paul Calderone

Keywords: review removed
Owner: set to therve

Thanks. Just some minor doc issues:

  1. Seems like EncodingResourceWrapper shouldn't bother talking about the private interface that is used to implement the behavior it provides (since we don't want to encourage users to do anything with this interface).
  2. Would also be nice to see EncodingResourceWrapper be a little more explicit about what it does: (potentially) apply one of the encodings to the response body generated by the wrapped resource. Perhaps also worth mentioning encodings are not inherited by children of the resource.
  3. in the Resource docstring, instead of "It serves 2 main purposes..." I would write "This serves 2 main purposes...".

That's all. Please fix these and then merge (if the build results look good), thanks!

comment:6 Changed 5 years ago by therve

Resolution: fixed
Status: newclosed

(In [36181]) Merge encoder-resource-6031-2

Author: therve Reviewer: exarkun Fixes: #6031

Move the encoding mechanism logic in twisted.web from Site to a wrapper Resource, so that users can more selectively apply it. In particular, add a note in the documentation about SSL/zlib attacks on user-generated content.

Note: See TracTickets for help on using tickets.