generate boundary with token_hex #2702

Merged
merged 6 commits into from
Sep 25, 2024

@trim21 trim21 commented Sep 23, 2024

Summary

Checklist

  • I understand that this PR may be closed in case there was no previous discussion. (This doesn't apply to typos!)
  • I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • I've updated the documentation accordingly.

@@ -404,7 +404,7 @@ async def _handle_multiple_ranges(
file_size: int,
send_header_only: bool,
) -> None:
boundary = "".join(random_choices("abcdefghijklmnopqrstuvwxyz0123456789", k=13))
boundary = token_hex(20)
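
Review bot: The `boundary = token_hex(20)` line carries no comment explaining the size, and the argument is a byte count, not a character count. The resulting boundary is 40 hex characters (160 bits), where the `random_choices(..., k=13)` line above it produced 13 characters. Please add a one-line comment next to the call stating the intended entropy and the resulting length, so the number is not mistaken for the boundary length later. If `random_choices` has no other caller in this module, its import can be removed in the same change.
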
Member

Why was it increased to 20?

Contributor Author

@trim21 trim21 Sep 23, 2024

Just a random number I picked. `len(boundary)` is actually 40 now.

Member

According to the specification, this value can be between 1 and 70. But is 40 too long?

Member

@graingert graingert Sep 24, 2024

>96 bits of entropy is recommended so only 13 bytes is needed

Member

@trim21 Can we drop the number a bit so I can include this on the next release?

Contributor Author

To what? 13?

Member

Yep. Maybe we can add a comment about the choice, to avoid future confusion/questions?

Contributor Author

> 96 bits of entropy is recommended so only 13 bytes is needed

Where does this recommendation come from?

Member

@graingert graingert Sep 25, 2024

Member

@abersheeran abersheeran left a comment

Elegant modification.

@Kludex Kludex enabled auto-merge (squash) September 25, 2024 11:26
@Kludex Kludex merged commit 075efd0 into encode:master Sep 25, 2024
6 checks passed
@trim21 trim21 deleted the boundary-gen branch September 25, 2024 11:30
nixroxursox pushed a commit to nixroxursox/starlette that referenced this pull request Sep 30, 2024
* generate boundary with token_hex

* generate boundary with token_hex

* fix

* boundary size

* Update starlette/responses.py

---------

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
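
The sizes debated in this thread, worked through as an added example (not code from the PR or from Starlette): it compares the entropy ceiling of the old 13-character generator with `token_hex(n)`, enforces the 1 to 70 character limit mentioned above (RFC 2046 section 5.1.1), and assembles a multipart/byteranges body with the result. The names `old_scheme_bits`, `make_boundary` and `build_byteranges`, the sample payload, and the payload collision check are assumptions made for the illustration.

```python
import math
import re
from secrets import token_hex

# RFC 2046 section 5.1.1: 1 to 70 characters from "bchars", not ending in a space.
BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]")


def old_scheme_bits(alphabet_size: int = 36, length: int = 13) -> float:
    """Entropy ceiling of the replaced generator: 13 characters drawn from a-z0-9."""
    return length * math.log2(alphabet_size)


def make_boundary(nbytes: int = 13) -> str:
    """token_hex(n) reads n bytes from the OS CSPRNG and returns 2*n hex characters."""
    boundary = token_hex(nbytes)
    if not BOUNDARY_RE.fullmatch(boundary):
        raise ValueError(f"{len(boundary)}-character boundary violates RFC 2046")
    return boundary


def build_byteranges(content: bytes, ranges, boundary: str,
                     content_type: str = "text/plain") -> bytes:
    """Assemble a multipart/byteranges body; ranges are (start, end), end exclusive."""
    delimiter = b"--" + boundary.encode("ascii")
    parts = []
    for start, end in ranges:
        chunk = content[start:end]
        if delimiter in chunk:  # a part must never contain its own delimiter
            raise ValueError("boundary occurs in the payload, pick a new one")
        header = (f"Content-Type: {content_type}\r\n"
                  f"Content-Range: bytes {start}-{end - 1}/{len(content)}\r\n\r\n")
        parts.append(delimiter + b"\r\n" + header.encode("latin-1") + chunk + b"\r\n")
    return b"".join(parts) + delimiter + b"--\r\n"


if __name__ == "__main__":
    payload = b"0123456789abcdefghij"  # constructed sample file content
    b = make_boundary()                # 13 bytes -> 26 hex chars, 104 bits
    print(f"old scheme: at most {old_scheme_bits():.1f} bits in 13 chars")
    print(f"token_hex(13): 104 bits in {len(b)} chars; token_hex(20): 160 bits in 40")
    print(build_byteranges(payload, [(0, 5), (10, 15)], b).decode("latin-1"))
```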