On 2014-06-19, 7:55 PM, Tyler Romeo wrote: > On Thu, Jun 19, 2014 at 9:23 PM, Brian Wolff <bawo...@gmail.com> wrote: > >> What about the content-length header? I believe that's included with >> POST requests even when using application/x-www-form-urlencoded form. >> > I suggest people in this thread read section 4.4 of RFC 2616. > > There is no situation in which an HTTP request can be "cut off" such that > part of the query goes missing. Assuming you are using a compliant web > server, the Content-Length header is basically required for request bodies > (unless you're doing chunked encoding or something). > > Try right now submitting a POST request without a Content-Length header to > Wikipedia. It results in a 400. Additionally, if you send an incorrect > header, it will either wait until timeout if it's too long or give 400 if > it's too short. > > Like Daniel said, the only situation that is possible is some sort of > buffer issue, where there is a client-side application logic error that > causes the incorrect request to be sent. But this is not really MediaWiki's > problem, and client's should be using the Content-MD5 header (or whatever > the bastardized MediaWiki version is, since MW doesn't actually support > HTTP) if they really want to ensure data integrity. A) Issues like this result in a simple content tweak to end up erasing the latter part of an article, it may not be a problem "in" MediaWiki, but it still something that affects us and something for us to document to API users. B) If we even have anything similar to Content-MD5 (I don't remember seeing anything) it's optional and the clients most likely to have a buffer bugs like that are going to be the ones that don't use it. C) Even if a client used something like Content-MD5 it wouldn't really help, if a client has a buffer issue like we're talking about then there's a good chance that the corruption exists in the same buffer that the hash is based on so the hash itself will be incorrect.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/] _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
