From: James Tucker <jftucker@gmail.com>
To: rack-devel@googlegroups.com
Subject: Re: [RFC/PATCH] lint: additional response checking/skipping for hijack
Date: Mon, 28 Jan 2013 14:01:55 -0800 [thread overview]
Message-ID: <CABGa_T9WZkh9gLOdJHSx0aD=PmJ9puQATHbPrFLLtCP22B7NZA@mail.gmail.com> (raw)
In-Reply-To: <20130123002048.GA362@dcvr.yhbt.net>
[-- Attachment #1: Type: text/plain, Size: 2477 bytes --]
I'd generally recommend that the hijacking app return valid stub data,
something like: [200, {}, []].
On 22 January 2013 16:20, Eric Wong <normalperson@yhbt.net> wrote:
> Not a serious patch for now, at least not all of it.
> I suspect middlewares will break badly if the body.each/body.close
> checks are enforced.
>
> ---
> lib/rack/lint.rb | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/lib/rack/lint.rb b/lib/rack/lint.rb
> index 1bc2127..f895772 100644
> --- a/lib/rack/lint.rb
> +++ b/lib/rack/lint.rb
> @@ -9,6 +9,7 @@ class Lint
> def initialize(app)
> @app = app
> @content_length = nil
> + @response_hijacked = false
> end
>
> # :stopdoc:
> @@ -47,6 +48,15 @@ def _call(env)
>
> ## and returns an Array of exactly three values:
> status, headers, @body = @app.call(env)
> +
> + # hijacked requests may not give a valid response, do not check them
> + if env.include?("rack.hijack_io")
> + # request hijacking implies response hijacking, this will ensure
> + # the response body raises if body.each or body.close gets called
> + @response_hijacked = true
> + return [ status, headers, self ]
> + end
> +
> ## The *status*,
> check_status status
> ## the *headers*,
> @@ -530,6 +540,7 @@ def check_hijack_response(headers, env)
> headers['rack.hijack'] = proc do |io|
> original_hijack.call HijackWrapper.new(io)
> end
> + @response_hijacked = true
> else
> ##
> ## The special response header <tt>rack.hijack</tt> must only be
> set
> @@ -636,6 +647,9 @@ def verify_content_length(bytes)
>
> ## === The Body
> def each
> + assert("server is not attempting to iterate hijacked response
> body") {
> + @response_hijacked == false
> + }
> @closed = false
> bytes = 0
>
> @@ -683,6 +697,9 @@ def each
> end
>
> def close
> + assert("server is not attempting to close hijacked response") {
> + @response_hijacked == false
> + }
> @closed = true
> @body.close if @body.respond_to?(:close)
> end
> --
> Eric Wong
>
--
---
You received this message because you are subscribed to the Google Groups "Rack Development" group.
To unsubscribe from this group, send email to rack-devel+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
[-- Attachment #2: Type: text/html, Size: 3239 bytes --]
next prev parent reply other threads:[~2013-01-28 22:01 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-23 0:20 [RFC/PATCH] lint: additional response checking/skipping for hijack Eric Wong
2013-01-28 22:01 ` James Tucker [this message]
2013-04-21 15:41 ` Tim Carey-Smith
2013-04-23 1:37 ` James Tucker
2013-04-23 1:48 ` Tim Carey-Smith
2013-04-28 1:17 ` James Tucker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-list from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://groups.google.com/group/rack-devel
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CABGa_T9WZkh9gLOdJHSx0aD=PmJ9puQATHbPrFLLtCP22B7NZA@mail.gmail.com' \
--to=rack-devel@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).