durusmail: quixote-users: Re: medusa_http.py patch for basic authentication
medusa_http.py patch for basic authentication
2004-08-07
Ken Kennedy
Re: medusa_http.py patch for basic authentication
2004-08-12
Graham Fawcett
2004-08-19
Neil Schemenauer
2004-08-20
Jason Sibre
2004-08-20
Graham Fawcett
2004-08-20
Jason E. Sibre
2004-08-21
Ken Kennedy
2004-08-23
Neil Schemenauer
2004-08-24
John Belmonte
Re: medusa_http.py patch for basic authentication
Jason E. Sibre
2004-08-20
> Hold on... I'm a bit tired, and may be missing something, but I
> don't think
> that's quite what's happening.
>
> Here's a larger snippet of medusa_http.py:

No, I think I was the tired one...


[...]
> So I think the modification is legitimate. In fact, I'd go an
> extra step, and
> cut out the lines
>
>                     'HTTP_COOKIE': msg.get('Cookie'),
>                     'HTTP_REFERER': msg.get('Referer'),
>                     'HTTP_USER_AGENT': msg.get('User-agent'),
>
> from the environ dict setup, since these will be re-created by
> the msg.items()
> loop.
>
> Still haven't tested the code, but it seems logical... what do
> you think? Are
> there any cases where the presence of HTTP_CONTENT_LENGTH (in
> addition to the
> presence of CONTENT_LENGTH) would pose a problem?
>
> -- Graham


You're quite right.  I hadn't looked at the patch in it's proper context,
and consequently failed to see that.  medusa_http.py does explicitly set the
headers for content-type and content-length, and no, I can't think of any
case where the presence of an additional http_ version of those headers
would cause problems.

Having read that, though, I pulled up the Qx 1.0b1 version of the code (the
latest I've downloaded, which I *still* am not actually using ), and see that:
 A) As you said, the CONTENT_LENGTH header is set by the actual length of
the data...  Might be better to have that get the header info, or make the
HTTP_ version also use the actual length of the data.  I mean, otherwise,
they may not match ;)  Wouldn't *that* be awkward. Then again, I guess
ambitious developers could check to make sure they did match, and do
somthing exotic if they didn't.

 B) The twisted_http.py code (where that snippet claims to be copied from)
DOES NOT set the content length and type explicitly.  So, it either needs to
do so, or the existing version of the code in question should either be left
alone (for twisted_http), or it needs to be modified in yet some other way
(to provide the content length and type values).  (Unless a newer version of
twisted_http.py than I have alread fixes that problem.)

I'll second the idea of yanking the HTTP_COOKIE, HTTP_REFERER and
HTTP_USER_AGENT lines from medusa_http.py.  Looks like they're just baggage
from before the other section was copied from twisted_http.py.

Jason
reply