Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
HTTP request handlers are not safe/secure #705
In both notification and replication action we make HTTPS requests to a PSK server. There are a number of issues with the current code including:
Replicated - The calls are essentially identical but we have different code handling them, that means we can't encode best practices in one place and use them everywhere
Size Limitations - The calls need to make sure that they cap how big a response they are willing to wait for
Time out - The calls need to time themselves out if they go on too long. This isn't a big deal on native connections (which have their own times outs) but it matters on WiFi. We also have to make sure that the time outs are tied to getting a complete response and NOT to data on the wire since there are tricks with things like chunking that potentially could keep a connection 'alive' for a while as it doesn't actually do anything.