[WebUI]: Print error messages upon receiving invalid header fields #7603
Conversation
src/webui/abstractwebapplication.h
Outdated
| @@ -105,7 +105,7 @@ private slots: | |||
| bool sessionInitialize(); | |||
|
|
|||
| QStringMap parseCookie(const Http::Request &request) const; | |||
| bool isCrossSiteRequest(const Http::Request &request) const; | |||
| bool isCrossSiteRequest(const Http::Request &request, const Http::Environment &env) const; | |||
There was a problem hiding this comment.
Didn't pay attention before...
These two methods have incorrect design. There is no need to pass class members as parameters of non-static class methods. You can use request_ and env_ inside it directly.
There was a problem hiding this comment.
You missed my ps. in the first post.
As you can see isCrossSiteRequest() depends solely on Http::Request members and the addition of Http::Environment/QHostAdress is purely for debug message use.
I plan to move this method under Http::Request class, thus I still need Http::Environment or QHostAdress in the future.
BTW, I see no reason why there are 2 separate classes: Http::Request Http::Environment, IMO they should be merged together, but that is for later.
There was a problem hiding this comment.
BTW, I see no reason why there are 2 separate classes:
The main reason is Environment contains data that is not part of request itself (client address is not even part of HTTP protocol).
There was a problem hiding this comment.
The main reason is Environment contains data that is not part of request itself (client address is not even part of HTTP protocol).
I understand your point now, yet I think for coding convenience, there should be a super set containing the 2 structs (just an idea)
You missed my ps. in the first post.
What do you think? or I should use class members now and refactor later?
There was a problem hiding this comment.
or I should use class members now and refactor later?
Yes.
There was a problem hiding this comment.
You can use request_ and env_ inside it directly.
OK, done.
There was a problem hiding this comment.
But you still pass request as parameter...
There was a problem hiding this comment.
If you don't want to fix existing code then ok, will do it later.
There was a problem hiding this comment.
I would like to minimize the changes now.
Now it just a structure of some parsed data. I wouldn't change this behavior. It is created only once (when we parse http request data) and it shouldn't be modified later. So you can add some extra field into it (e.g. isCrossSite) and fill it when you parse. |
|
Thanks! |
Due to #7577, some error message is needed to ease the diagnosis pain.
ps. I'll be moving
isCrossSiteRequestout of this class later, thus I need to passenvas a parameter.