jwt_auth plugin extractCredentials: check request content-type #1728
@davisagli thanks for creating this Pull Request and helping to improve Plone! TL;DR: Finish pushing changes, pass all other checks, then paste a comment:
To ensure that these changes do not break other parts of Plone, the Plone test suite matrix needs to pass, but it takes 30-60 min. Other CI checks are usually much faster and the Plone Jenkins resources are limited, so when done pushing changes and all other checks pass either start all Jenkins PR jobs yourself, or simply add the comment above in this PR to start all the jobs automatically. Happy hacking!
@jenkins-plone-org please run jobs
LGTM. This fixes it for the ClassicUI case: uploading large files works again.
I still would suggest to combine this with my PR #1726, which catches BadRequest. This probably will not fix large uploads in Volto, but at least it would shift the error to the service that handles the uploads, instead of here in the PAS plugin.
But I did not try this in combination with Volto, so maybe there is no problem anymore. It would be good to get that confirmed though.
For the record, I confirm that with this PR a POST to the |
@mauritsvanrees The Accept header doesn't sound relevant to me. That tells the server what content-type the client hopes to receive in the response, not what content-type it is sending in the request. I confirmed that uploading large files in Volto still triggers the error, but that's expected. I guess we can catch BadRequest here, but I think that just hides the problem. To really fix it for Volto, we need to:
I think this is a good path forward but it's not going to happen overnight.
This is good to go, I merge.
Before release, please approve and merge PR #1729.
Alternative to #1726
We should only try to parse the request body as JSON if there's a request header saying it's JSON.
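
The rule stated in the PR description, as an added example that is not the plone.restapi code: the request body is read and parsed as JSON only when the request's Content-Type is `application/json`. The function names, the `login`/`password` field names, the size cap and the plain-dict header interface are assumptions made for this illustration.

```python
import json

MAX_LOGIN_BODY = 16 * 1024  # assumed upper bound for a login payload, in bytes


def is_json_request(headers):
    """True only if the request's own Content-Type says application/json."""
    # Drop parameters such as "; charset=utf-8" and compare case-insensitively.
    base = headers.get("Content-Type", "").split(";", 1)[0].strip().lower()
    return base == "application/json"


def extract_credentials(headers, read_body):
    """Return {'login': ..., 'password': ...} or {}; never read a non-JSON body."""
    if not is_json_request(headers):
        return {}  # e.g. a multipart file upload: leave the body untouched
    try:
        length = int(headers.get("Content-Length", "0"))
    except ValueError:
        return {}
    if not 0 < length <= MAX_LOGIN_BODY:
        return {}  # empty or implausibly large for credentials
    try:
        data = json.loads(read_body(length))
    except (ValueError, RecursionError):  # bad JSON, bad encoding, deep nesting
        return {}
    if not isinstance(data, dict):
        return {}
    login, password = data.get("login"), data.get("password")
    if isinstance(login, str) and isinstance(password, str):
        return {"login": login, "password": password}
    return {}


class Body:
    """Constructed stand-in for a request body stream that counts reads."""

    def __init__(self, payload):
        self.payload, self.reads = payload, 0

    def read(self, n):
        self.reads += 1
        return self.payload[:n]


if __name__ == "__main__":
    creds = Body(b'{"login": "editor", "password": "constructed-sample"}')
    hdrs = {"Content-Type": "application/json; charset=utf-8",
            "Content-Length": str(len(creds.payload))}
    print(extract_credentials(hdrs, creds.read))
```

The `reads` counter on the constructed `Body` makes it checkable that an upload body is never consumed by the credential extractor, so the service handling the upload still receives it intact.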