Scrub HTTP response headers #5297

Merged
merged 2 commits into from
Jan 29, 2019

@Rotonen Rotonen commented Jan 25, 2019

  • Bumped ftw.testbrowser to allow for not following redirects to test 302 response headers and bodies
  • Added an event listener for ZPublisher.interfaces.IPubEnd to scrub the server version string
  • Monkey patched setting Bobo Call Interface headers out
  • Also added a test for the recently added traceback scrub from "Also hide re-risen Unauthorized tracebacks for non-manager users" (#5269)

Original implementation of setting Bobo Call Interface headers onto responses:
https://github.com/zopefoundation/Zope/blob/d916c812bdaf518053b0c3cb2cb3545ff73bc288/src/ZPublisher/HTTPResponse.py#L758-L787

Closes #5185

@Rotonen Rotonen added this to the Release 2019.1 milestone Jan 25, 2019
@Rotonen Rotonen requested a review from a team January 25, 2019 21:48
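
A header audit in the spirit of the response-header tests described above, as an added example that is not part of this pull request or the project's code. The function name `leaked_headers` is hypothetical, the `bobo-exception-*` header names are assumed from the linked upstream `_setBCIHeaders` implementation, and both sample responses are constructed.

```python
import re

# Header-name prefix assumed from the linked upstream _setBCIHeaders code.
BCI_PREFIX = "bobo-exception-"
# A dotted number anywhere in the Server value is treated as a version leak.
VERSION_RE = re.compile(r"\d+\.\d+")


def leaked_headers(headers):
    """Return sorted (name, reason) pairs for headers that disclose internals.

    `headers` is an iterable of (name, value) pairs so that repeated headers
    are all inspected. Names are compared case-insensitively.
    """
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname.startswith(BCI_PREFIX):
            findings.append((lname, "Bobo Call Interface exception header"))
        elif lname == "server" and VERSION_RE.search(value):
            findings.append((lname, "server version string"))
    return sorted(findings)


# Constructed sample responses, not captured from a real deployment.
UNSCRUBBED_302 = [
    ("Server", "Zope/(2.13.27, python 2.7.15, linux2) ZServer/1.1"),
    ("Location", "https://example.org/login"),
    ("Bobo-Exception-Type", "Unauthorized"),
    ("Bobo-Exception-Value", "See the server error log for details"),
    ("Bobo-Exception-File", "HTTPResponse.py"),
    ("Bobo-Exception-Line", "700"),
]
SCRUBBED_302 = [
    ("Server", "Zope"),
    ("Location", "https://example.org/login"),
]

if __name__ == "__main__":
    for label, resp in (("unscrubbed", UNSCRUBBED_302), ("scrubbed", SCRUBBED_302)):
        print(label, leaked_headers(resp))
```
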

@deiferni deiferni left a comment

Looks 👍 , but please refrain from monkey patching if not absolutely necessary. One more 🔁 if you see another way there.

"""We do not use the Bobo exception headers for anything."""

def __call__(self):
def _setBCIHeaders(self, t, tb):
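
Review bot: the docstring above `_setBCIHeaders(self, t, tb)` says only that the Bobo exception headers are unused; it does not record that this function stands in for the upstream method of the same name in ZPublisher/HTTPResponse.py. Suggest naming the patched method in the docstring and noting that the `(self, t, tb)` signature has to stay in step with upstream, so the patch is easy to locate and remove once upstream no longer sets these headers.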

I'm quite unhappy about the continuous use of monkey patches 😞. We should use them as a last resort only. You might have already considered this, but just to be sure: is there an event handler you could register instead of patching and then scrub the headers again? Maybe IPubFailure would work?

@deiferni deiferni left a comment

As discussed, apparently there is no other way.

Rotonen commented Jan 28, 2019

And for reference, pushing for it to get removed upstream for Zope 4.

zopefoundation/Zope#462

Rotonen commented Jan 29, 2019

I've dropped the added test for the now-reverted rerisen error body scrubbing.

Ready for rereview.

@Rotonen Rotonen merged commit 2a0e880 into master Jan 29, 2019
@Rotonen Rotonen deleted the jo-5185 branch January 29, 2019 18:19