WSRequest: Normalize URL #288
Conversation
|
@marcospereira I've removed "WIP", and I'm ready for a review now, please. |
|
@marcospereira @gmethvin @wsargent can I get a review please? |
|
I'm free this weekend, I can take a look at it |
There was a problem hiding this comment.
So I can see from the PR that there's some use of UriEncoder.FIXING and the path and the query parameters are touched, but it's not clear in the code what the overall effect is.
There was a problem hiding this comment.
I think this is useful but it leaves some ambiguities into what encoding means and what the end result is.
Tying things down to a particular RFC and providing examples would help, as would "boundary conditions" showing the normalize method will cover and what it won't. More unit tests showing failed URLs and URLs which can't be recovered would be good too.
play-ahc-ws-standalone/src/main/scala/play/api/libs/ws/ahc/StandaloneAhcWSClient.scala
Outdated
Show resolved
Hide resolved
play-ahc-ws-standalone/src/main/scala/play/api/libs/ws/ahc/StandaloneAhcWSClient.scala
Outdated
Show resolved
Hide resolved
play-ahc-ws-standalone/src/main/scala/play/api/libs/ws/ahc/StandaloneAhcWSClient.scala
Outdated
Show resolved
Hide resolved
| } | ||
|
|
||
| /** | ||
| * Builds an AHC [[Uri]] with all parts URL encoded. |
There was a problem hiding this comment.
Can we specify the RFC here used for the encoding?
There was a problem hiding this comment.
I'm not sure we can.
I assume UriEncoder.FIXING returns an org.asynchttpclient.uri.Uri capable of producing an RFC 3986 compliant String. It makes no guarantees in the javadoc, but the private static constant names in Utf8UrlEncoder mention RFC3986. I'm not sure we can go so far as to claim that the Uri result conforms to the RFC though. The result seems closer to it at least.
The goal is just to get it closer to returning a valid java.net.URI, which claims to represent RFC 2396, "aside from minor deviations".
I've updated the scaladoc of this method to say that it runs it through UriEncoder.FIXING, which is at least 100% accurate.
play-ahc-ws-standalone/src/main/scala/play/api/libs/ws/ahc/StandaloneAhcWSClient.scala
Show resolved
Hide resolved
play-ahc-ws-standalone/src/test/scala/play/api/libs/ws/ahc/AhcWSRequestSpec.scala
Show resolved
Hide resolved
|
@wsargent thanks for the review. I'll update with RFC links, examples, and more tests. |
htmldoug
force-pushed
the
uri-fixing
branch
7 times, most recently
from
7ae88ee
to
8a8eb17
Compare
| } yield key -> value | ||
|
|
||
| req | ||
| .withUrl(urlNoQueryParams) |
There was a problem hiding this comment.
One concern: withUrl() calls normalize() here which could lead to infinite mutual recursion if I missed a case. I'd prefer to call the StandaloneAhcWSRequest.copy() escape hatch here, but it requires access to the implicit Materializer which is not accessible.
Some ideas in order of preference (least -> most):
- Leave it as is and let users report cases we missed. Should happen pretty quickly, but ugh.
- Remove the check from
withUrl(). That'd weaken the integrity ofStandaloneAhcWSRequest, although it's already compromisable withcopy()if you provide your ownMaterializer. - Change visibility to
StandaloneAhcWSRequest(...)(implicit private[ahc] val materializer: Materializer)and do thecopy().
There was a problem hiding this comment.
I'm going to go ahead and push up a second commit with the last approach. If you like it, I'll squash. Otherwise, I'll drop it.
|
Thanks again for the review and sorry for the long delay. Holidays derailed me, but https://blog.playframework.com/play-2-7-0-rc9-released/ was a nice kick in the pants. I've addressed all comments, and added benchmarks and more tests. Ready for another review. |
|
@marcospereira @wsargent do you guys need anything else from me for this to be mergeable? |
|
We're starting on the play 2.7 upgrade now. Any chance of getting this merged, or should we just port this to a wrapper and wrap all of our |
|
Any update on this? I would like to upgrade to Play 2.7 with this as well, and I have the same issue that Doug is trying to solve here. |
|
It's been ready to go since #288 (comment). I've rebased onto latest master, although after master bumped to play 2.8.0-M1, I'm not sure if this will be available for play 2.7. @wsargent do you plan to re-review or should I close the PR? |
Pull Request Checklist
Fixes
Fixes #267
Purpose
Ensure that
StandaloneWSRequest.uridoes not return invalid values or throw, by normalizing theurl: Stringwhen aStandaloneWSRequestis constructed. Same approach is used by the java implementation.Background Context
This approach follows the "tolerant" recommendation, #267 (comment).
Ensures:
StandaloneWSRequest.urlpath is encoded.StandaloneWSRequest.queryString.Implementation is based upon a
WSRequestFilter-like decorator I've been using in production since June 2018. An advantage to fixing the request right away is thatrequest.urican be invoked safely sooner in the process.Caveats
Normalization can still be bypassed by:
StandaloneAhcWSClient.copy(url = ">^..^<", ...)new StandaloneAhcWSRequest(client, ">^..^<", ...)