You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
hyperium/hyper#309 This bug causes quite strange behaviour, and the fix seems not to be released yet:
A POST login page that returns a 303 (a good practice) may cause the following request fail, because Hyper doesn't read the previous request to the end unless it's needed, and when it reads the next request using a keep-alive connection, the body of the previous request gets read as garbage in the front.
The workaround is to read the body manually in the request, for example, by calling request.form().
Maybe pencil could release a workaround fix that reads the request bodies to the end (or, if there's a huge amount of data, drops the connection), until the bug in Hyper is fixed? For example, there's a middleware for Iron that already does that: https://crates.io/crates/iron-drain Maybe pencil should do that also.
The text was updated successfully, but these errors were encountered:
The possibly safer thing for the middlware to do is to set Connection: close on the response if the request is not going to be read to the end. The danger in draining is if the request payload is super huge, gigabytes of data, and a middleware blindly just keeps reading. It could perhaps also drain up to a limit, before deciding the connection just needs to die.
hyperium/hyper#309 This bug causes quite strange behaviour, and the fix seems not to be released yet:
A POST login page that returns a 303 (a good practice) may cause the following request fail, because Hyper doesn't read the previous request to the end unless it's needed, and when it reads the next request using a keep-alive connection, the body of the previous request gets read as garbage in the front.
The workaround is to read the body manually in the request, for example, by calling
request.form()
.Maybe
pencil
could release a workaround fix that reads the request bodies to the end (or, if there's a huge amount of data, drops the connection), until the bug in Hyper is fixed? For example, there's a middleware forIron
that already does that: https://crates.io/crates/iron-drain Maybepencil
should do that also.The text was updated successfully, but these errors were encountered: