Request decompression looks scary: how are you going to implement protection against zip bombs (http://en.wikipedia.org/wiki/Zip_bomb)? See also: http://bugs.python.org/issue16043
суббота, 25 мая 2013 г., 20:34:44 UTC+6 пользователь Sébastien Béal написал: > > Hi, > > I would like to suggest to add requests decompression to the gzip > middleware. Although few browsers have the ability to compress the request > body, some use cases exists with other type of clients when building REST > APIs or WebDAV <http://www.webdav.org/> clients. > > To my knowledge, only Apache > mod_deflate<http://httpd.apache.org/docs/2.2/mod/mod_deflate.html#input> was > providing this feature. > > The idea behind this is simply to decompress the body of requests > containing Content-Encoding: gzip header. > I provided a working example on this branch: > https://github.com/sebastibe/django/tree/gzip-request-middleware > > What do you think about this? > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at http://groups.google.com/group/django-developers?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
