add response decompression support#86
Conversation
|
@tomerd build fails with |
weissi
left a comment
There was a problem hiding this comment.
this needs a limit on the decompression threshold so denial of service attacks are harder. Just chatted to @Lukasa who actually has experience writing HTTP clients. We should either have a (configurable) limit of say a maximum of 32 MB or something or alternatively a maximum decompression threshold so for example: The decompressed data must not be more than 100x the size of the compressed data.
| } | ||
| } | ||
|
|
||
| public mutating func inflatePart(to buffer: inout ByteBuffer) { |
There was a problem hiding this comment.
This API must not be public, as it is extremely unsafe. Please make it private.
There was a problem hiding this comment.
Fixed, thanks!
| } | ||
|
|
||
| let rc = CNIOExtrasZlib_inflateInit2(&self.stream, window) | ||
| precondition(rc == Z_OK, "Unexpected return from zlib init: \(rc)") |
There was a problem hiding this comment.
This should probably throw.
There was a problem hiding this comment.
fixed, thanks!
@artemredkin add |
…nternal or private
|
@tomerd @Lukasa @weissi I've updated the PR with the latests changes from |
|
@weissi are you happy with the latest changes? |
…ver/async-http-client into support_response_decompression
|
@weissi ready for review |
weissi
left a comment
There was a problem hiding this comment.
@artemredkin sorry for the delay! LGTM
fixes #44