New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

raise Response(400) for CRLFInjection #249

Closed
chadwhitacre opened this Issue Oct 8, 2013 · 4 comments

Comments

Projects
None yet
2 participants
@chadwhitacre
Member

chadwhitacre commented Oct 8, 2013

Right now we raise CRLFInjection if such is detected. It would be helpful from a logging standpoint to be able to class those with other bad user input problems. I propose that CRLFInjection subclass Response and the code is 400.

@pjz

This comment has been minimized.

Contributor

pjz commented Dec 3, 2013

you think? or you think you should insert a translate_CRLFInjection_to_400Response(exc_info) ?

@chadwhitacre

This comment has been minimized.

Member

chadwhitacre commented Dec 3, 2013

Ooooh ... I see what you did there. ;-)

We need some principle by which we decide what functionality goes in Aspen core and what doesn't, and additionally what gets its own function in the algorithm. A topic for Friday's call, perhaps?

@chadwhitacre

This comment has been minimized.

Member

chadwhitacre commented Dec 11, 2013

So what we decided on the call was that we are going to look at using subclasses for all Responses that we raise in Aspen core. That will give developers fine-grained information about and control over request failures.

pjz added a commit that referenced this issue Jan 5, 2014

Fix #249 - raise Response(400) for CRLFInjection
In keeping with our internal response, it's a child object of Response.

@ghost ghost assigned chadwhitacre Jan 5, 2014

chadwhitacre added a commit that referenced this issue Jan 7, 2014

Here's a simpler implemention of #249
This avoids a circular import by burying an import rather than folding
two files together.

pjz added a commit that referenced this issue Jan 7, 2014

Merge pull request #278 from gittip/crlfinjection-response
Here's a simpler implemention of #249
@chadwhitacre

This comment has been minimized.

Member

chadwhitacre commented Jan 10, 2014

Done in #278!

@chadwhitacre chadwhitacre removed their assignment Feb 17, 2016

Changaco pushed a commit that referenced this issue Mar 11, 2016

Here's a simpler implemention of #249
This avoids a circular import by burying an import rather than folding
two files together.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment