phoenixframework / phoenix_live_dashboard

Realtime dashboard with metrics, request logging, plus storage, OS and VM insights
MIT License

Phoenix.LiveDashboard.RequestLogger attempting to parse non UTF-8 urlencoded params #383

Closed scottmando2000 closed 2 years ago

scottmando2000 commented 2 years ago

Environment

Make sure you are using the latest LiveView and Dashboard versions before continuing.

Actual behavior

Phoenix.LiveDashboard.RequestLogger attempting to validate utf8 of every parameter

Example URL that triggers this result in a fresh phoenix project. http://localhost:4000/announce?info_hash=%13%E9%91%E8%998%C8%E2k%1A%10%C2%BE%154it%E3%5E%CF

Elixir Forum thread explaining

Expected behavior

Only validate_utf8 on parameters relating to the request logger configuration in endpoint.ex

josevalim commented 2 years ago

I don't think you should generally allow invalid UTF-8 into the system through URL parameters. If you want to receive a hash, it is best to Base encode64 before. If you want to go ahead with this anyway, I recommend removing the :param_key from the RequestLogger, so it works exclusively based on cookies. :)

scottmando2000 commented 2 years ago

> I don't think you should generally allow invalid UTF-8 into the system through URL parameters. If you want to receive a hash, it is best to Base encode64 before. If you want to go ahead with this anyway, I recommend removing the :param_key from the RequestLogger, so it works exclusively based on cookies. :)

Thanks, José, for your reply.

I just tried your solution, and it did work, but I had some notes about it since it's not the best solution for this problem.

I don't control the parameter data types; these are requests coming directly from BitTorrent clients such as Transmission BT and µTorrent. A more ideal solution would be an option in the request logger to disable utf8 validation for specific parameters.

This is a specification that has been around since 2008, and losing the ability to use the request logger with the URL parameter isn't the ideal solution since all the requests are over HTTP, especially when the purpose of the RequestLogger is to help debug. And as far as I am aware, it's not possible to set cookies on any torrent clients.
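
The thread turns on a binary hash arriving percent-encoded in the query string. The sketch below is an added example, not code from the thread or from phoenix_live_dashboard: it decodes the `info_hash` from the raw query string without requiring UTF-8, checks its length, and re-encodes it as hex so that logs and UTF-8-validating components only ever see text. `AnnounceParams` and `fetch_info_hash/1` are hypothetical names, and the 20-byte length assumes a BitTorrent v1 (SHA-1) info_hash.

```elixir
# Added example, not code from the issue thread or from phoenix_live_dashboard.
# AnnounceParams and fetch_info_hash/1 are hypothetical names.
defmodule AnnounceParams do
  # Assumption: a BitTorrent v1 info_hash is a raw 20-byte SHA-1 digest,
  # so arbitrary byte values are expected in this parameter.
  @info_hash_bytes 20

  # Takes the raw query string (conn.query_string in a Plug app) and returns
  # the info_hash as raw bytes plus a hex form that is always valid UTF-8.
  def fetch_info_hash(query_string) when is_binary(query_string) do
    # URI.decode_query/1 percent-decodes into plain binaries and does not
    # require the decoded bytes to be valid UTF-8.
    case Map.fetch(URI.decode_query(query_string), "info_hash") do
      {:ok, raw} when byte_size(raw) == @info_hash_bytes ->
        {:ok,
         %{
           raw: raw,
           hex: Base.encode16(raw, case: :lower),
           valid_utf8?: String.valid?(raw)
         }}

      {:ok, raw} ->
        # Reject anything that is not exactly one digest long.
        {:error, {:bad_length, byte_size(raw)}}

      :error ->
        {:error, :missing}
    end
  end
end

# Query string taken from the example URL in the issue.
query = "info_hash=%13%E9%91%E8%998%C8%E2k%1A%10%C2%BE%154it%E3%5E%CF"

{:ok, hash} = AnnounceParams.fetch_info_hash(query)
IO.inspect(hash.valid_utf8?, label: "decoded bytes are valid UTF-8")
IO.puts("info_hash (hex, safe to log): " <> hash.hex)

# Constructed input: a value that is too short to be a digest.
IO.inspect(AnnounceParams.fetch_info_hash("info_hash=abc"), label: "short value")
```

Only the hex (or Base64) form should be passed to logging or to anything that validates UTF-8; the raw binary stays confined to the announce handler.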