New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
report Erlang and JS version in welcome message #3425
Conversation
Currently I don't have strong opinion on this. |
we could also add it to the |
come to think of it, might be worth getting the OTP version out that way as well, whichever we choose |
Good idea about reporting the JS version, it might give users an idea which JS language features they could target (if they could map the runtime to JS features). We do already report the OTP version in the welcome point as a header:
Would it be too obscure to append the JS version to the |
@nickva I remembered that we report that in the header but thought we might want to not add info to each request that never changes per server. That kick-started a few more thoughts:
Then I though we should just re-use the existing capabilities mechanism in So I think we should just add this to the server info JSON from
(the SpiderMonkey version should be a string, so we can express That way:
|
We added the I might use |
Also +1 to not using the capability strings, that's meant to advertise features this particular CouchDB is compatible with. I can see why that might be used for JS stuff (ECMAScript compatibility level, e.g.) but that's a translation from the JS version, not the actual SM JS version itself...and wouldn't make sense at all for the Erlang/OTP version. |
@janl good point on not adding extra static info to all the headers, I hadn't thought of that For javascript we might want to add an info object in case we switch away from spidermonkey to say v8 or other engine. @wohali good idea, if we know the ECMAScript version we could add it to the |
bb1754d
to
335170e
Compare
Added
|
cb0ca9d
to
809fc53
Compare
@janl looks good, I like having the extra info in there. But am wondering, since this is changing the top level API, if we should do a mailing list shout-out. I anticipate there being some resistance around "security" aspects or others may have other opinions on the shape of the results. |
knowing some folks (cough IBM cough) would likely prefer not to reveal more version numbers, can we consider a config toggle? |
and noting that the OTP version comes back in the Server response header already. |
@nickva sure thing, will do @rnewson happy to add a Re the OTP version:
|
Ideally we'd address these things together. there are a few spots where couchdb shows "internal" information that is strictly unrelated to its role as a database (the couchdb version, erlang version, spidermonkey version, erlang node names, pids, etc). I agree that hiding version numbers is a "security through obscurity" approach but I can't be the only person who has to regularly defend their presence in audits, etc. In my situation, I can and do argue that the couchdb version number signals compatibility and does not necessary mean we're running that verbatim code. All this to say, perhaps it is time for a new admin-only endpoint into which we can put all the internal details instead. It is clearly useful to be able to interrogate the various version numbers through the http api, but users don't need that. For the welcome message, I suggest showing something of value to users, namely "ES5" versus "ES6". |
I’m coming at this mostly from a remote-diagnosis point of view, where we either poke a couch, or ask someone to poke their couch about info that we can then derive some info about its behaviour, so I’d want precise version number. I don’t mind adding an admin-only endpoint for that (say I’m less interested in maintaining a mapping between ES-version and software version, but if someone wants to take that on, I’m not going to veto it either :) |
src/chttpd/src/chttpd_misc.erl
Outdated
@@ -47,6 +47,11 @@ handle_welcome_req(#httpd{method='GET'}=Req, WelcomeMessage) -> | |||
{couchdb, WelcomeMessage}, | |||
{version, list_to_binary(couch_server:get_version())}, | |||
{git_sha, list_to_binary(couch_server:get_git_sha())}, | |||
{erlang_verison, ?l2b(?COUCHDB_ERLANG_VERSION)}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit/typo:
{erlang_verison, ?l2b(?COUCHDB_ERLANG_VERSION)}, | |
{erlang_version, ?l2b(?COUCHDB_ERLANG_VERSION)}, |
d953d2d
to
61308a4
Compare
Thank you all for the input. I’ve reworked this to show Erlang and SM versions under
|
Looks pretty good @janl. What do you think about also removing the Erlang version from I can't think of a case when a client library might need to act differently if say Erlang version is 20 vs 24 |
@nickva I think since this is technically public-API, we’ll have to make it an option to disable and deprecate it, so we can remove it in 4.x, but no objections to that plan (in a separate PR) |
The endpoint is admin-only. Closes #3298
61308a4
to
80ea7b4
Compare
@janl ah fair enough |
closes #3298