Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Attempt to prevent responses with Transfer-Encoding: chunked #288

Merged
merged 2 commits into from
May 2, 2022
Merged

Attempt to prevent responses with Transfer-Encoding: chunked #288

merged 2 commits into from
May 2, 2022

Conversation

jeremyevans
Copy link
Contributor

It's probably a bad idea to implement Transfer-Encoding
chunked inside an application, since only HTTP/1.1 supports
it. However, some applications and frameworks still do so.
However, they should only do so if they receive an HTTP/1.1
request, it's certainly a bug in the application to use
Transfer-Encoding: chunked for HTTP/1.0 requests.

Set SERVER_PROTOCOL and HTTP_VERSION to HTTP/1.0 in requests
to try to avoid responses with Transfer-Encoding: chunked.

While here, avoid 4 unnecessary hash allocations by using
either Hash#merge! instead of #merge, or using Hash#[]=
instead of allocating a hash to pass to Hash#update.

@jeremyevans
Attempt to prevent responses with Transfer-Encoding: chunked
8990d2e 
It's probably a bad idea to implement Transfer-Encoding
chunked inside an application, since only HTTP/1.1 supports
it.  However, some applications and frameworks still do so.
However, they should only do so if they receive an HTTP/1.1
request, it's certainly a bug in the application to use
Transfer-Encoding: chunked for HTTP/1.0 requests.

Set SERVER_PROTOCOL and HTTP_VERSION to HTTP/1.0 in requests
to try to avoid responses with Transfer-Encoding: chunked.

While here, avoid 4 unnecessary hash allocations by using
either Hash#merge! instead of #merge, or using Hash#[]=
instead of allocating a hash to pass to Hash#update.
@jeremyevans
Don't consider lint failure as workflow failure
ac7eeb3 
This currently still runs rubocop, but rubocop failure does not
cause workflow failure and won't block merging.
@jeremyevans jeremyevans requested a review from ioquatix May 2, 2022 20:07
@jeremyevans jeremyevans mentioned this pull request May 2, 2022
Closed
ioquatix
ioquatix approved these changes May 2, 2022
View reviewed changes
Copy link
Member

@ioquatix ioquatix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with this.

However I feel that the testing layer should be capable of dealing with different body formats. There are some semantic differences between chunked encoding and content length encoding and in theory we should support testing them.

@jeremyevans jeremyevans merged commit 736a1f9 into rack:main May 2, 2022
@jeremyevans jeremyevans mentioned this pull request May 25, 2022
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@ioquatix ioquatix ioquatix approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jeremyevans @ioquatix