[ruby-cvs:70075] normal:r62965 (trunk): webrick/httpauth/digestauth: stream req.body

normal at ruby-lang.org normal at ruby-lang.org
Wed Mar 28 17:06:49 JST 2018


normal	2018-03-28 17:06:49 +0900 (Wed, 28 Mar 2018)

  New Revision: 62965

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=62965

  Log:
    webrick/httpauth/digestauth: stream req.body
    
    WARNING! WARNING! WARNING!  LIKELY BROKEN CHANGE
    
    Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
    potentially large request body into memory during
    authentication.
    
    WARNING! this will break apps completely which want to do
    something with the body besides calculating the MD5 digest
    of it.
    
    Also, keep in mind that probably nobody uses "auth-int".
    Servers such as Apache, lighttpd, nginx don't seem to
    support it; nor does curl when using POST/PUT bodies;
    and we didn't have tests for it until now...
    
    * lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body

  Modified files:
    trunk/lib/webrick/httpauth/digestauth.rb


More information about the ruby-cvs mailing list