Roundup Tracker - Issues

Message6552

Author rouilj
Recipients rouilj, schlatterbeck
Date 2019-06-19.21:46:44
Message-id <20190619214620.7B9F94C037F@itserver6.localdomain>
In-reply-to <1560967042.68.0.358271823986.issue2551047@roundup.psfhosted.org> 
Hi Ralf:

In message <1560967042.68.0.358271823986.issue2551047@roundup.psfhosted.org>,
Ralf Schlatterbeck writes:
>The rest implementation uses several calls to client.request.headers.
>In WSGI 'request' is a RequestDispatcher object from
>roundup/cgi/wsgi_handler.py
>This object doesn't have a 'headers' attribute.
>
>My naive implementation of a headers object would be to take the header
>name, convert it to uppercase and replace '-' with '_', prefix it with
>HTTP_ and look it up in the CGI environment. Is this an acceptable
>solution? Alternatives, better ideas?

The headers are checked in cgi/client.py::handle_csrf using:

       header_names = [ "ORIGIN", "REFERER", "X-FORWARDED-HOST",
            "HOST" ]
       ...
        for header in header_names:
            if (config["WEB_CSRF_ENFORCE_HEADER_%s"%header] == 'required'
                    and "HTTP_%s" % header.replace('-', '_') not in self.env):
                logger.error(self._("csrf header %s required but missing for user%s."), header, current_user)
                raise Unauthorised(self._("Missing header: %s")%header)

so it looks like the env array is being used here as well.

Also in _serve_file:

       # see if there's an if-modified-since...
        # XXX see which interfaces set this
        #if hasattr(self.request, 'headers'):
            #ims = self.request.headers.getheader('if-modified-since')
        if 'HTTP_IF_MODIFIED_SINCE' in self.env:
            # cgi will put the header in the env var

looks like they chose the same solution. Maybe some rationale
for/against this change can be found in the hg repo?

>I found a google groups article that goes into the same direction:
>https://groups.google.com/forum/#!topic/modwsgi/swJmEP79Pds

More support for your suggestion.

>    headers = self.client.request.headers
>AttributeError: 'RequestDispatcher' object has no attribute 'headers'

Are you planning on doing something like:

class HttpHeaders:

  def __init__(self, dict):

  for header, value in items(dict):
     if header.startswith("HTTP"):
       self[header] = value

  return self

then in wsgi_handler:

  RequestDispatcher.headers = HttpHeaders(self.env)

so that RequestDispatcher.headers is a dict?
History
Date User Action Args
2019-06-19 21:46:45rouiljsetrecipients: + rouilj, schlatterbeck
2019-06-19 21:46:44rouiljlinkissue2551047 messages
2019-06-19 21:46:44rouiljcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020