Message6552
Hi Ralf:
In message <1560967042.68.0.358271823986.issue2551047@roundup.psfhosted.org>,
Ralf Schlatterbeck writes:
>The REST implementation uses several calls to client.request.headers.
>In WSGI 'request' is a RequestDispatcher object from
>roundup/cgi/wsgi_handler.py
>This object doesn't have a 'headers' attribute.
>
>My naive implementation of a headers object would be to take the header
>name, convert it to uppercase and replace '-' with '_', prefix it with
>HTTP_ and look it up in the CGI environment. Is this an acceptable
>solution? Alternatives, better ideas?
The headers are checked in cgi/client.py::handle_csrf using:

    header_names = [ "ORIGIN", "REFERER", "X-FORWARDED-HOST",
                     "HOST" ]
    ...
    for header in header_names:
        if (config["WEB_CSRF_ENFORCE_HEADER_%s"%header] == 'required'
                and "HTTP_%s" % header.replace('-', '_') not in self.env):
            logger.error(self._("csrf header %s required but missing for user%s."), header, current_user)
            raise Unauthorised(self._("Missing header: %s")%header)

so it looks like the env array is being used here as well.
Also in _serve_file:

    # see if there's an if-modified-since...
    # XXX see which interfaces set this
    #if hasattr(self.request, 'headers'):
    #    ims = self.request.headers.getheader('if-modified-since')
    if 'HTTP_IF_MODIFIED_SINCE' in self.env:
        # cgi will put the header in the env var

looks like they chose the same solution. Maybe some rationale
for/against this change can be found in the hg repo?
>I found a google groups article that goes into the same direction:
>https://groups.google.com/forum/#!topic/modwsgi/swJmEP79Pds
More support for your suggestion.
> headers = self.client.request.headers
>AttributeError: 'RequestDispatcher' object has no attribute 'headers'
Are you planning on doing something like:

    class HttpHeaders(dict):
        def __init__(self, env):
            # keep only the request headers, which CGI/WSGI store under HTTP_*
            for header, value in env.items():
                if header.startswith("HTTP_"):
                    self[header] = value

then in wsgi_handler:

    RequestDispatcher.headers = HttpHeaders(self.env)

so that RequestDispatcher.headers is a dict?

Date | User | Action | Args
2019-06-19 21:46:45 | rouilj | set | recipients: + rouilj, schlatterbeck
2019-06-19 21:46:44 | rouilj | link | issue2551047 messages
2019-06-19 21:46:44 | rouilj | create |
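
Added example (not part of the original message and not Roundup's own code): the lookup Ralf describes, wrapped in a read-only headers object, plus a required-header check in the style of handle_csrf. WSGIHeaders, missing_required and SAMPLE_ENVIRON are hypothetical names; CONTENT_TYPE and CONTENT_LENGTH are special-cased because CGI and WSGI pass them without the HTTP_ prefix.

```python
# Added example: case-insensitive header view over a CGI/WSGI environ.
# WSGIHeaders and missing_required are hypothetical names, not Roundup APIs.

class WSGIHeaders:
    # CGI (RFC 3875) and WSGI (PEP 3333) store these two without HTTP_.
    _UNPREFIXED = ("CONTENT_TYPE", "CONTENT_LENGTH")

    def __init__(self, environ):
        self._env = environ

    @classmethod
    def env_key(cls, name):
        """Map a header name such as 'X-Forwarded-Host' to its environ key."""
        key = name.upper().replace("-", "_")
        return key if key in cls._UNPREFIXED else "HTTP_" + key

    def get(self, name, default=None):
        return self._env.get(self.env_key(name), default)

    # Same spelling as the commented-out call in _serve_file.
    getheader = get

    def __contains__(self, name):
        return self.env_key(name) in self._env

    def __getitem__(self, name):
        return self._env[self.env_key(name)]


def missing_required(headers, policy):
    """Return the header names marked 'required' that the request lacks."""
    return [name for name, setting in policy.items()
            if setting == "required" and name not in headers]


# Constructed sample environ; values are illustrative only.
SAMPLE_ENVIRON = {
    "REQUEST_METHOD": "POST",
    "HTTPS": "on",  # server variable, not a request header
    "CONTENT_TYPE": "application/json",
    "HTTP_HOST": "tracker.example.org",
    "HTTP_X_FORWARDED_HOST": "tracker.example.org",
    "HTTP_IF_MODIFIED_SINCE": "Wed, 19 Jun 2019 21:46:44 GMT",
}
```

Because the environ upper-cases names and maps '-' to '_', the original spelling of a header cannot be recovered from it; lookups have to go through the same mapping.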