Request decompression looks scary: how are you going to implement protection against zip bombs (http://en.wikipedia.org/wiki/Zip_bomb)? See also: http://bugs.python.org/issue16043
суббота, 25 мая 2013 г., 20:34:44 UTC+6 пользователь Sébastien Béal написал: > > Hi, > > I would like to suggest to add requests decompression to the gzip > middleware. Although few browsers have the ability to compress the request > body, some use cases exists with other type of clients when building REST > APIs or WebDAV <http://www.webdav.org/> clients. > > To my knowledge, only Apache > mod_deflate<http://httpd.apache.org/docs/2.2/mod/mod_deflate.html#input> was > providing this feature. > > The idea behind this is simply to decompress the body of requests > containing Content-Encoding: gzip header. > I provided a working example on this branch: > https://github.com/sebastibe/django/tree/gzip-request-middleware > > What do you think about this? > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
