-
Notifications
You must be signed in to change notification settings - Fork 39
Timeouts
Timeouts are negotiated at different levels of the stack:
The Client specifies a timeout for each API call it makes:
- get_sources: 60 seconds
- get_all_submissions: 60 seconds
- get_all_replies: 60 seconds
- reply_source: 5 seconds
- add_star: 5 seconds
- remove_star: 5 seconds
- authenticate: 60 seconds
- logout: 20 seconds
- download_reply: 20 seconds
- download_submission: uses a method to get a realistic timeout
- delete_source 5 seconds
The SDK sends a qrexec subprocess command to the Proxy VM and will kill the subprocess and raise a RequestTimeoutError if the a timeout is reached. If a timeout is not specified, then the following defaults are used (see https://github.com/freedomofpress/securedrop-sdk/blob/80946593952574cfa1c0718e6a18436209fb1ac5/sdclientapi/__init__.py#L114-L118):
- download_submission: 60 minutes
- all other requests: 20 seconds
The Proxy will wait to receive bytes on the underlying socket until the following timeout has been reached (see https://github.com/freedomofpress/securedrop-proxy/blob/d78144a95d872a57fb92c3e9034e9beeb830b097/securedrop_proxy/proxy.py#L242):
- all requests: 120 seconds
If the Proxy is able to make a connection or the server sends data in less than 120 seconds, then the Proxy will continue to wait for however long it takes to get the full response.
Apache httpd will wait for i/o, e.g. will wait for a tcp packet to arrive (for more info, read https://httpd.apache.org/docs/2.4/mod/core.html), until the following timeout is reached:
- 60 seconds (specified by the Apache
TimeOutdirective in/etc/apache2/apache2.conf)
Also, note that we use mod_wsgi and you can see how we configure it in /etc/apache2/sites-enabled/journalist.conf (see https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIDaemonProcess.html for more information). Since we don't specify socket-timeout, we use the timeout specified by the Apache TimeOut directive instead.