Skip to content

Commit

Permalink
generate boundary with token_hex (#2702)
Browse files Browse the repository at this point in the history
* generate boundary with token_hex

* generate boundary with token_hex

* fix

* boundary size

* Update starlette/responses.py

---------

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
  • Loading branch information
trim21 and Kludex authored Sep 25, 2024
1 parent b8139f9 commit 075efd0
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 4 deletions.
5 changes: 3 additions & 2 deletions starlette/responses.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
from email.utils import format_datetime, formatdate
from functools import partial
from mimetypes import guess_type
from random import choices as random_choices
from secrets import token_hex
from urllib.parse import quote

import anyio
Expand Down Expand Up @@ -401,7 +401,8 @@ async def _handle_multiple_ranges(
file_size: int,
send_header_only: bool,
) -> None:
boundary = "".join(random_choices("abcdefghijklmnopqrstuvwxyz0123456789", k=13))
# In firefox and chrome, they use boundary with 95-96 bits entropy (that's roughly 13 bytes).
boundary = token_hex(13)
content_length, header_generator = self.generate_multipart(
ranges, boundary, file_size, self.headers["content-type"]
)
Expand Down
4 changes: 2 additions & 2 deletions tests/test_responses.py
Original file line number Diff line number Diff line change
Expand Up @@ -598,13 +598,13 @@ def test_file_response_range_multi(file_response_client: TestClient) -> None:
response = file_response_client.get("/", headers={"Range": "bytes=0-100, 200-300"})
assert response.status_code == 206
assert response.headers["content-range"].startswith("multipart/byteranges; boundary=")
assert response.headers["content-length"] == "400"
assert response.headers["content-length"] == "439"


def test_file_response_range_multi_head(file_response_client: TestClient) -> None:
response = file_response_client.head("/", headers={"Range": "bytes=0-100, 200-300"})
assert response.status_code == 206
assert response.headers["content-length"] == "400"
assert response.headers["content-length"] == "439"
assert response.content == b""

response = file_response_client.head(
Expand Down

0 comments on commit 075efd0

Please # to comment.