From mboxrd@z Thu Jan 1 00:00:00 1970 Delivered-To: chneukirchen@gmail.com Received: by 10.227.175.12 with SMTP id v12csp77888wbz; Mon, 22 Apr 2013 18:37:51 -0700 (PDT) Return-Path: Received-SPF: pass (google.com: domain of rack-devel+bncBD75LW742ECRB26L26FQKGQEU76YVKI@googlegroups.com designates 10.49.104.144 as permitted sender) client-ip=10.49.104.144 Authentication-Results: mr.google.com; spf=pass (google.com: domain of rack-devel+bncBD75LW742ECRB26L26FQKGQEU76YVKI@googlegroups.com designates 10.49.104.144 as permitted sender) smtp.mail=rack-devel+bncBD75LW742ECRB26L26FQKGQEU76YVKI@googlegroups.com; dkim=pass header.i=@googlegroups.com X-Received: from mr.google.com ([10.49.104.144]) by 10.49.104.144 with SMTP id ge16mr11038827qeb.19.1366681071137 (num_hops = 1); Mon, 22 Apr 2013 18:37:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20120806; h=x-received:x-beenthere:x-received:received-spf:mime-version :x-received:in-reply-to:references:date:message-id:subject:from:to :x-original-sender:x-original-authentication-results:reply-to :precedence:mailing-list:list-id:x-google-group-id:list-post :list-help:list-archive:sender:list-subscribe:list-unsubscribe :content-type; bh=xWXBPf+Ubyt3DtAqEuz/P5ts0CAn0WPdIVElnk58CCA=; b=SGkWnLoEi7DYcWt/qiuou9qf2AZHas+cIHURJMfenPQrno/NT7cyJdmfnvACW8ZKgE MomS/KqghrDx0WEGaSHoH6zsLtefTYt033Zjvmo0lvDggExJkr/GH21/TNrBXFaRwS3U Yf4s/tBw9khGE2ldC0WCbkBU8UZyajWwrOEjY05D6DYhT2VgVfijubFoBSksEw5vtVfe FQcP1kY6/NaazvVp1FFwiS2H8pY1smtQzNpFInw9idm2kMNK7kHVsNHtVa2UkxlaAH1o odllRYyhUpH+d5Roa4XQopuwxFPRJ+CPhG7CDPfTVOaPNV9qNs1YunBEgW9X5PV6w/28 VnhA== X-Received: by 10.49.104.144 with SMTP id ge16mr2690464qeb.19.1366681070590; Mon, 22 Apr 2013 18:37:50 -0700 (PDT) X-BeenThere: rack-devel@googlegroups.com Received: by 10.49.71.166 with SMTP id w6ls107879qeu.14.gmail; Mon, 22 Apr 2013 18:37:47 -0700 (PDT) X-Received: by 10.52.26.210 with SMTP id n18mr8556026vdg.8.1366681067374; Mon, 22 Apr 2013 18:37:47 -0700 (PDT) Received: from mail-vc0-f177.google.com (mail-vc0-f177.google.com [209.85.220.177]) by gmr-mx.google.com with ESMTPS id zc17si4277907vdb.3.2013.04.22.18.37.47 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 22 Apr 2013 18:37:47 -0700 (PDT) Received-SPF: pass (google.com: domain of jftucker@gmail.com designates 209.85.220.177 as permitted sender) client-ip=209.85.220.177; Received: by mail-vc0-f177.google.com with SMTP id hr11so102662vcb.8 for ; Mon, 22 Apr 2013 18:37:47 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.220.147.12 with SMTP id j12mr20996559vcv.59.1366681067260; Mon, 22 Apr 2013 18:37:47 -0700 (PDT) Received: by 10.220.154.6 with HTTP; Mon, 22 Apr 2013 18:37:47 -0700 (PDT) In-Reply-To: References: <20130123002048.GA362@dcvr.yhbt.net> Date: Mon, 22 Apr 2013 18:37:47 -0700 Message-ID: Subject: Re: [RFC/PATCH] lint: additional response checking/skipping for hijack From: James Tucker To: rack-devel@googlegroups.com X-Original-Sender: jftucker@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of jftucker@gmail.com designates 209.85.220.177 as permitted sender) smtp.mail=jftucker@gmail.com; dkim=pass header.i=@gmail.com Reply-To: rack-devel@googlegroups.com Precedence: list Mailing-list: list rack-devel@googlegroups.com; contact rack-devel+owners@googlegroups.com List-ID: X-Google-Group-Id: 486215384060 List-Post: , List-Help: , List-Archive: Sender: rack-devel@googlegroups.com List-Subscribe: , List-Unsubscribe: , Content-Type: multipart/alternative; boundary=047d7b34341c89409c04dafd3b1e --047d7b34341c89409c04dafd3b1e Content-Type: text/plain; charset=ISO-8859-1 The examples do work this way. What are you referring to? On Sun, Apr 21, 2013 at 8:41 AM, Tim Carey-Smith wrote: > Could you update the examples on the original issue to behave in this way? > This is a point of confusion, I think. > > Perhaps this could be added to the SPEC as well? > > On Jan 29, 2013, at 11:01 AM, James Tucker wrote: > > > I'd generally recommend that the hijacking app return valid stub data, > > something like: [200, {}, []]. > > > > > > On 22 January 2013 16:20, Eric Wong wrote: > > > >> Not a serious patch for now, at least not all of it. > >> I suspect middlewares will break badly if the body.each/body.close > >> checks are enforced. > >> > >> --- > >> lib/rack/lint.rb | 17 +++++++++++++++++ > >> 1 file changed, 17 insertions(+) > >> > >> diff --git a/lib/rack/lint.rb b/lib/rack/lint.rb > >> index 1bc2127..f895772 100644 > >> --- a/lib/rack/lint.rb > >> +++ b/lib/rack/lint.rb > >> @@ -9,6 +9,7 @@ class Lint > >> def initialize(app) > >> @app = app > >> @content_length = nil > >> + @response_hijacked = false > >> end > >> > >> # :stopdoc: > >> @@ -47,6 +48,15 @@ def _call(env) > >> > >> ## and returns an Array of exactly three values: > >> status, headers, @body = @app.call(env) > >> + > >> + # hijacked requests may not give a valid response, do not check > them > >> + if env.include?("rack.hijack_io") > >> + # request hijacking implies response hijacking, this will > ensure > >> + # the response body raises if body.each or body.close gets > called > >> + @response_hijacked = true > >> + return [ status, headers, self ] > >> + end > >> + > >> ## The *status*, > >> check_status status > >> ## the *headers*, > >> @@ -530,6 +540,7 @@ def check_hijack_response(headers, env) > >> headers['rack.hijack'] = proc do |io| > >> original_hijack.call HijackWrapper.new(io) > >> end > >> + @response_hijacked = true > >> else > >> ## > >> ## The special response header rack.hijack must only be > >> set > >> @@ -636,6 +647,9 @@ def verify_content_length(bytes) > >> > >> ## === The Body > >> def each > >> + assert("server is not attempting to iterate hijacked response > >> body") { > >> + @response_hijacked == false > >> + } > >> @closed = false > >> bytes = 0 > >> > >> @@ -683,6 +697,9 @@ def each > >> end > >> > >> def close > >> + assert("server is not attempting to close hijacked response") { > >> + @response_hijacked == false > >> + } > >> @closed = true > >> @body.close if @body.respond_to?(:close) > >> end > >> -- > >> Eric Wong > >> > > > > -- > > > > --- > > You received this message because you are subscribed to the Google > Groups "Rack Development" group. > > To unsubscribe from this group, send email to > rack-devel+unsubscribe@googlegroups.com. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Rack Development" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rack-devel+unsubscribe@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- --- You received this message because you are subscribed to the Google Groups "Rack Development" group. To unsubscribe from this group and stop receiving emails from it, send an email to rack-devel+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. --047d7b34341c89409c04dafd3b1e Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable
The examples do work this way.

Wh= at are you referring to?


On Sun, Apr 21, 2013 at 8:41 AM, Tim Carey-Smith <g@spork.= in> wrote:
Could you update the examples on the origina= l issue to behave in this way?
This is a point of confusion, I think.

Perhaps this could be added to the SPEC as well?

On Jan 29, 2013, at 11:01 AM, James Tucker <jftucker@gmail.com> wrote:

> I'd generally recommend that the hijacking app return valid stub d= ata,
> something like: [200, {}, []].
>
>
> On 22 January 2013 16:20, Eric Wong <normalperson@yhbt.net> wrote:
>
>> Not a serious patch for now, at least not all of it.
>> I suspect middlewares will break badly if the body.each/body.close=
>> checks are enforced.
>>
>> ---
>> lib/rack/lint.rb | 17 +++++++++++++++++
>> 1 file changed, 17 insertions(+)
>>
>> diff --git a/lib/rack/lint.rb b/lib/rack/lint.rb
>> index 1bc2127..f895772 100644
>> --- a/lib/rack/lint.rb
>> +++ b/lib/rack/lint.rb
>> @@ -9,6 +9,7 @@ class Lint
>> =A0 =A0 def initialize(app)
>> =A0 =A0 =A0 @app =3D app
>> =A0 =A0 =A0 @content_length =3D nil
>> + =A0 =A0 =A0@response_hijacked =3D false
>> =A0 =A0 end
>>
>> =A0 =A0 # :stopdoc:
>> @@ -47,6 +48,15 @@ def _call(env)
>>
>> =A0 =A0 =A0 ## and returns an Array of exactly three values:
>> =A0 =A0 =A0 status, headers, @body =3D @app.call(env)
>> +
>> + =A0 =A0 =A0# hijacked requests may not give a valid response, do= not check them
>> + =A0 =A0 =A0if env.include?("rack.hijack_io")
>> + =A0 =A0 =A0 =A0# request hijacking implies response hijacking, t= his will ensure
>> + =A0 =A0 =A0 =A0# the response body raises if body.each or body.c= lose gets called
>> + =A0 =A0 =A0 =A0@response_hijacked =3D true
>> + =A0 =A0 =A0 =A0return [ status, headers, self ]
>> + =A0 =A0 =A0end
>> +
>> =A0 =A0 =A0 ## The *status*,
>> =A0 =A0 =A0 check_status status
>> =A0 =A0 =A0 ## the *headers*,
>> @@ -530,6 +540,7 @@ def check_hijack_response(headers, env)
>> =A0 =A0 =A0 =A0 headers['rack.hijack'] =3D proc do |io| >> =A0 =A0 =A0 =A0 =A0 original_hijack.call HijackWrapper.new(io)
>> =A0 =A0 =A0 =A0 end
>> + =A0 =A0 =A0 =A0@response_hijacked =3D true
>> =A0 =A0 =A0 else
>> =A0 =A0 =A0 =A0 ##
>> =A0 =A0 =A0 =A0 ## The special response header <tt>rack.hija= ck</tt> must only be
>> set
>> @@ -636,6 +647,9 @@ def verify_content_length(bytes)
>>
>> =A0 =A0 ## =3D=3D=3D The Body
>> =A0 =A0 def each
>> + =A0 =A0 =A0assert("server is not attempting to iterate hija= cked response
>> body") {
>> + =A0 =A0 =A0 =A0@response_hijacked =3D=3D false
>> + =A0 =A0 =A0}
>> =A0 =A0 =A0 @closed =3D false
>> =A0 =A0 =A0 bytes =3D 0
>>
>> @@ -683,6 +697,9 @@ def each
>> =A0 =A0 end
>>
>> =A0 =A0 def close
>> + =A0 =A0 =A0assert("server is not attempting to close hijack= ed response") {
>> + =A0 =A0 =A0 =A0@response_hijacked =3D=3D false
>> + =A0 =A0 =A0}
>> =A0 =A0 =A0 @closed =3D true
>> =A0 =A0 =A0 @body.close =A0if @body.respond_to?(:close)
>> =A0 =A0 end
>> --
>> Eric Wong
>>
>
> --
>
> ---
> You received this message because you are subscribed to the Google Gro= ups "Rack Development" group.
> To unsubscribe from this group, send email to rack-devel+unsubscribe@googlegroups.co= m.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>

--

---
You received this message because you are subscribed to the Google Groups &= quot;Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-d= evel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



--
 
---
You received this message because you are subscribed to the Google Groups &= quot;Rack Development" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 
--047d7b34341c89409c04dafd3b1e--