Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't log invalid details about a raw response #51

Merged
merged 5 commits into from
Jul 24, 2024
Merged

Don't log invalid details about a raw response #51

merged 5 commits into from
Jul 24, 2024

Conversation

pbrisbin
Copy link
Member

@pbrisbin pbrisbin commented Jul 24, 2024
edited
Loading

wai has a RawResponse constructor for Response1. This is used
by applications that need to send raw bytes on the wire, such as
WebSockets.

This constructor has a field that is also type Response; functions
such as responseStatus2 or responseHeaders ultimately read from
this value since there is no actual status or headers that we can access
in the "raw" response itself.

This is an obvious but bad thing to do in something like requestLogger
because this inner response means nothing about what is actually
happening. It's there as a "fallback" to be used when raw responses
aren't supported. So it's almost always some kind of 500 error
response3. Ultimately, this causes any Blammo-using applications to
report every WebSockets response as a 500 in the logs.

By its nature, there's not much we can do instead, as we know nothing
about the response, so this commit just changes things to omit response
details entirely for such cases. This is the approach taken by the more
official Network.Wai.Middleware.RequestLogger too4.

I included a follow-up refactor separately, to (hopefully) make review
easier, but I plan to squash that in before merge.

Footnotes

  1. https://hackage.haskell.org/package/wai-3.2.4/docs/src/Network.Wai.Internal.html#Response

  2. https://hackage.haskell.org/package/wai-3.2.4/docs/src/Network.Wai.html#responseStatus

  3. https://hackage.haskell.org/package/yesod-core-1.6.26.0/docs/src/Yesod.Core.Handler.html#sendRawResponseNoConduit

  4. https://hackage.haskell.org/package/wai-extra-3.1.15/docs/src/Network.Wai.Middleware.RequestLogger.html#detailedMiddleware%27

@pbrisbin pbrisbin changed the title pb/raw Don't log invalid details about a raw response Jul 24, 2024
@pbrisbin pbrisbin requested a review from chris-martin July 24, 2024 01:26
@pbrisbin pbrisbin marked this pull request as ready for review July 24, 2024 01:26
pbrisbin added 5 commits July 24, 2024 15:23
@pbrisbin
Don't log invalid details about a raw response
326065a 
`wai` has a `RawResponse` constructor for `Response`[^1]. This is used
by applications that need to send raw bytes on the wire, such as
WebSockets.

This constructor has a field that is also type `Response`; functions
such as `responseStatus`[^2] or `responseHeaders` ultimately read from
this value since there is no actual status or headers that we can access
in the "raw" response itself.

This is an obvious but bad thing to do in something like `requestLogger`
because this inner response means nothing about what is actually
happening. It's there as a "fallback" to be used when raw responses
aren't supported. So it's almost always some kind of 500 error
response[^3]. Ultimately, this causes any Blammo-using applications to
report every WebSockets response as a 500 in the logs.

By its nature, there's not much we can do instead, as we know nothing
about the response, so this commit just changes things to omit response
details entirely for such cases. This is the approach taken by the more
official `Network.Wai.Middleware.RequestLogger` too.

[^1]: https://hackage.haskell.org/package/wai-3.2.4/docs/src/Network.Wai.Internal.html#Response
[^2]: https://hackage.haskell.org/package/wai-3.2.4/docs/src/Network.Wai.html#responseStatus
[^3]: https://hackage.haskell.org/package/yesod-core-1.6.26.0/docs/src/Yesod.Core.Handler.html#sendRawResponseNoConduit
@pbrisbin
DRY message and details between logging functions
f729dab
@pbrisbin
Use SeriesElem to avoid compatibility issue
a64e45a 
The KeyValue class changes in the Aeson version on nightly, so using it
means we'd need CPP. We can be concrete.
@pbrisbin
Avoid wildcard
9c9d84c 
This ensures we'll break and be intentional if the constructors change
in the future.
@pbrisbin
Version bump Blammo-wai
d57309b
@pbrisbin pbrisbin enabled auto-merge (rebase) July 24, 2024 19:24
@pbrisbin pbrisbin merged commit ca12432 into main Jul 24, 2024
8 checks passed
@pbrisbin pbrisbin deleted the pb/raw branch July 24, 2024 19:32
@pbrisbin pbrisbin mentioned this pull request Jul 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-martin chris-martin chris-martin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pbrisbin @chris-martin