-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use SafeRoundtripper to fetch templates #4
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the best way to solve the log situation is to accept a logger in the constructor of the mailer and just pass it on
mailme.go
Outdated
@@ -111,20 +112,20 @@ func (t *TemplateCache) Set(key, value string, expirationTime time.Duration) (*t | |||
} | |||
|
|||
func (t *TemplateCache) fetchTemplate(url string, triesLeft int) (string, error) { | |||
client := http.Client{ | |||
client := &http.Client{ | |||
Transport: &http.Transport{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no need to set the transport. it's going to be replaced in the safehttp call anyways
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The original transport gets wrapped by the new one. It's stored as noLocalTransport.inner
.
However, Go's DefaultTransport
is identical to the one defined here, except that the default has ForceAttemptHTTP2: true
. Any idea if that's deliberate?
If it's not, we can just use the DefaultTransport
. If it is, I think we should still start with the default and just update that one setting to make it explicit.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agree on using DefaultTransport
👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
makes me wonder if we could just scrub the whole custom client creation and just pass the default http client into SafeHTTPClient
?
Yep if we're going with the DefaultTransport I think we can definitely do that :) |
Actually, we may want to specify a timeout on the default http client, like
Otherwise a malicious template URL could make us try to read the body forever. |
this is actual a very limited attack vector because people could only provoke that for their own site and we don't care if people deliberately break it. i think we can ignore for now. a timeout might even be weird for customers because they might have apis that take a long time to provide the template and since mailing is never in the hot path it would not influence latency of a service. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome 🚀
}, | ||
} | ||
|
||
client := nfhttp.SafeHTTPClient(http.DefaultClient, t.logger) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The problem with the default client is that it doesn't have any concepts of timeouts. I don't think it is a huge issue but something to be aware of.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See above comments ☝️
Updates template fetch to make use of netlify/netlify-commons#82