Drop special headers from redirected requests #289
Conversation
|
I think these test failures are related to your changes @sberrevoets ? It looks like master is mostly green (besides some flakes) |
|
I was able to reproduce this once (via @AliSoftware any idea what might be going on? |
|
I think the build failures might be related to the race condition bug we discovered in See also #280 |
|
Ah thanks for the heads up, I've duped the radar. What would you like to see here in the meantime? |
|
Friendly ping @AliSoftware :) |
|
Sorry for the late reply. Or a better solution might be to introduce a small delay in the redirection (like what we done in the other PR to confirm the bug was a race condition) as it seemed to at least reduce a lot the bug from happening; even if that means introducing a delay and slowing down stuff a little, that's probably better than failing 70% of the time…? |
|
Yeah that's a very good question. For me it'd probably depend on how much it fails. If it really is 70% of the time right now then adding a delay seems worth it. If it's every now and then, it might be possible to (somehow) auto-retry the affected tests, or take a simpler approach of adding a comment explaining the problem. I'm also open to alternatives, framework bugs like these are a huge PITA 😕 |
|
@sberrevoets - we're reviewing all outstanding PRs before making a release, and then updating the version of Swift being used. the hope is to do all of this before Xcode 10.2 comes out, so our timeline is a bit tight. If you are still interested in getting this in, please resolve the conflicts. If you are not interested, having that feedback would be helpful too. |
|
Happy to resolve conflicts (though can't promise I'll have time for that before the 10.2 release), but how depends on what approach is preferable. Based on the conversation above I'm not sure if there's a clear path forward. |
|
@sberrevoets - if you mean the failing tests - those were disabled in CI (#301 & #302), so you don't need to worry about that part. We only need the conflicts resolved. If you want to give me permission to commit to your fork's master branch I don't mind resolving them myself. the tests should pass once the conflicts are resolved. |
|
Ah I missed that, that makes resolving conflicts a bit easier. Pushed an update but also gave edit access just in case. |
jeffctown
requested review from
AliSoftware and
Liquidsoul
and removed request for
AliSoftware
There was a problem hiding this comment.
A little sad that the tests that were previously added and which were testing if proper headers were dropped or preserved… got removed.
I mean I know they are flaky due to the Apple Bug but with #301 and #302 the goal was to disable those… only on CI. While still be able to run them on Xcode (which seemed less prone to the race condition bug for some reason probably related to our personal machines speeds)
So I think it would still be valuable to reintroduce that test that we had before the recent commit fixing the conflict, even though it won't be run by CI, as it seemed valuable and properly written and could still be useful to have when we run the tests on Xcode and not on CI.
OHHTTPStubs/Sources/OHHTTPStubs.m
Outdated
| [mReq setValue:nil forHTTPHeaderField:@"Host"]; | ||
| [mReq setValue:nil forHTTPHeaderField:@"Proxy-Authenticate"]; | ||
| [mReq setValue:nil forHTTPHeaderField:@"Proxy-Authorization"]; | ||
| [mReq setValue:nil forHTTPHeaderField:@"WWW-Authenticate"]; |
There was a problem hiding this comment.
This could maybe be a for header in @[@"…",@"…",…] loop instead?
There was a problem hiding this comment.
I pushed a commit to put this into it's own method since where it is now is already a bit large.
|
@AliSoftware I updated this branch with a for loop, and I still see the conditional tests. |
|
I was talking about a new test case that @sberrevoets wrote in his initial commits, and that I remember about from when I reviewed the diff on that PR before the conflict resolution today. That new test case which was added in that PR was essentially creating a request, with all the headers of interest here + another header — named That test case seems not to be there anymore (or is my GitHub view of the PR diff on my phone making me missing something?). It probably was removed by the force-push done by @sberrevoets today I guess. While I think it would be worth to have that test case back (even if it ends up not being run on CI because we disabled them there, but they would still be able to be run locally in Xcode) |
|
Oh! My bad man. I thought you meant the buggy test. Sent with GitHawk |
|
I did remove that test case because it was one of the conflicts. Working on adding that back now. |
|
Added that back and ran it locally - it still passed. |
| @"Proxy-Authenticate": @"proxy-authenticate", | ||
| @"Proxy-Authorization": @"proxy-authorization", | ||
| @"WWW-Authenticate": @"www-authenticate", | ||
| @"Preserved": @"preserved" |
There was a problem hiding this comment.
Just because if, say, we change the implementation one day and accidentally make the new implementation behave ( wrongly) as "remove all headers but the last" or "only keep one header" (instead of doing what it's supposed to do like today), I would try to put one or two more "headers to be preserved" in there and intertwine them in the middle of that list instead of all in the end 😉 #paranoiaModeOn
There was a problem hiding this comment.
But since it's a dictionary order isn't guaranteed anyway? Is that different under the NSURLSession hood?
There was a problem hiding this comment.
Oh good point!
Though I suspect that dictionary literals, even though they don't guarantee order by contract as it's not a expected requirement for dicts, might end up always being iterated in the same deterministic order in practice (because of current implantation details of dictionary literals in ObjC)?
There was a problem hiding this comment.
Yeah it doesn't hurt to add - done. (In a separate commit for reviewing purposes, happy to rebase at the end if you'd like.)
|
Thanks @sberrevoets 🎉 |
|
Thanks for the reviews and suggestions! |
Checklist
Description
The change in #263 means a redirected request had the same headers as the original request (because it was a copy and not a brand new
NSURLRequestinstance).While the new behavior was correct, it didn't account for "special headers" that URLSession "handles". The docs aren't entirely clear what that means, but we've at least confirmed it removes the "Authorization" headers as that poses a security risk, so this PR removes all those headers + a test.