Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Catalyst>
  3. Users
Response traits.
moseley at hank
Oct 30, 2013, 4:35 PM
Post #1 of 7 (2515 views)
Permalink
What is the recommended way to apply a Response trait? Include it in a
response subclass similar to how Catalyst::Action::REST injects
Catalyst::Request::REST?

http://cpansearch.perl.org/src/JJNAPIORK/Catalyst-Action-REST-1.12/lib/Catalyst/Action/SerializeBase.pm


What I was interested in is wrapping redirect and filtering out any
white-space to prevent response splitting.

sub redirect {
my $self = shift;

if (@_) {
my $location = shift;
my $status = shift || 302;

$self->location($location);
$self->status($status);
}

return $self->location;
}

--
Bill Moseley
moseley@hank.org
Re: Response traits. [ In reply to ]
pagaltzis at gmx
Oct 31, 2013, 12:51 AM
Post #2 of 7 (2473 views)
Permalink
* Bill Moseley <moseley@hank.org> [2013-10-31 00:40]:
> What is the recommended way to apply a Response trait?

Uhm, how about applying it to your response class?

CatalystX::RoleApplicator I guess?

Not sure I get the question though.

--
Aristotle Pagaltzis // <http://plasmasturm.org/>

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: Re: Response traits. [ In reply to ]
moseley at hank
Oct 31, 2013, 9:32 AM
Post #3 of 7 (2473 views)
Permalink
On Thu, Oct 31, 2013 at 12:51 AM, Aristotle Pagaltzis <pagaltzis@gmx.de>wrote:

> CatalystX::RoleApplicator


Thanks. That was what I was looking for. Just missed it when looking.


--
Bill Moseley
moseley@hank.org
Re: Re: Response traits. [ In reply to ]
jjn1056 at yahoo
Oct 31, 2013, 2:34 PM
Post #4 of 7 (2471 views)
Permalink
I'm currently recommending people take advantage of native PSGI support in the newer Catalyst and use Middleware for when you need to munge and or alter the response (if its being done globally).  The interface is more straightforward.

johnn



On Thursday, October 31, 2013 11:33 AM, Bill Moseley <moseley@hank.org> wrote:



On Thu, Oct 31, 2013 at 12:51 AM, Aristotle Pagaltzis <pagaltzis@gmx.de> wrote:

CatalystX::RoleApplicator
Thanks.  That was what I was looking for.   Just missed it when looking.


--
Bill Moseley
moseley@hank.org

_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
Re: Re: Response traits. [ In reply to ]
moseley at hank
Oct 31, 2013, 5:03 PM
Post #5 of 7 (2481 views)
Permalink
On Thu, Oct 31, 2013 at 2:34 PM, John Napiorkowski <jjn1056@yahoo.com>wrote:

> I'm currently recommending people take advantage of native PSGI support in
> the newer Catalyst and use Middleware for when you need to munge and or
> alter the response (if its being done globally). The interface is more
> straightforward.
>

Do you think that Catalyst::Response should validate the location provided
to redirect()?

The issue that came up was a newline was ending up in the location provided
which resulted in a split
response<http://en.wikipedia.org/wiki/HTTP_response_splitting>.
I was thinking of doing something like:

$self->location( URI->new( $location )->as_string );

But with perhaps a bit more error handling.






>
> johnn
>
>
> On Thursday, October 31, 2013 11:33 AM, Bill Moseley <moseley@hank.org>
> wrote:
>
> On Thu, Oct 31, 2013 at 12:51 AM, Aristotle Pagaltzis <pagaltzis@gmx.de>wrote:
>
> CatalystX::RoleApplicator
>
>
> Thanks. That was what I was looking for. Just missed it when looking.
>
>
> --
> Bill Moseley
> moseley@hank.org
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>


--
Bill Moseley
moseley@hank.org
Re: Re: Response traits. [ In reply to ]
jjn1056 at yahoo
Nov 1, 2013, 8:31 AM
Post #6 of 7 (2468 views)
Permalink
I think a patch that made sure strings being set to location conformed to the expected standard would be very welcomed!

on the other hand I thought this was also caught by 

https://metacpan.org/pod/Plack::Middleware::Lint


as well?  In any case Catalyst response could reject any attempts to set ->location with incorrect values.

The only thing is that people could still probably get around it by setting headers directly.  I think for now we'll say if you do that we have to assume you know what you are doing!

John



On Thursday, October 31, 2013 7:03 PM, Bill Moseley <moseley@hank.org> wrote:






On Thu, Oct 31, 2013 at 2:34 PM, John Napiorkowski <jjn1056@yahoo.com> wrote:

I'm currently recommending people take advantage of native PSGI support in the newer Catalyst and use Middleware for when you need to munge and or alter the response (if its being done globally).  The interface is more straightforward.

Do you think that Catalyst::Response should validate the location provided to redirect()?

The issue that came up was a newline was ending up in the location provided which resulted in a split response.    I was thinking of doing something like:

$self->location( URI->new( $location )->as_string );

But with perhaps a bit more error handling.




 

>
>johnn
>
>
>
>On Thursday, October 31, 2013 11:33 AM, Bill Moseley <moseley@hank.org> wrote:
>
>
>
>On Thu, Oct 31, 2013 at 12:51 AM, Aristotle Pagaltzis <pagaltzis@gmx.de> wrote:
>
>CatalystX::RoleApplicator
>Thanks.  That was what I was looking for.   Just missed it when looking.
>
>
>
>--
>Bill Moseley
>moseley@hank.org
>
>_______________________________________________
>List: Catalyst@lists.scsys.co.uk
>Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>Dev site: http://dev.catalyst.perl.org/
>
>
>
>_______________________________________________
>List: Catalyst@lists.scsys.co.uk
>Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
>Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
>Dev site: http://dev.catalyst.perl.org/
>
>
>



--
Bill Moseley
moseley@hank.org
Re: Re: Response traits. [ In reply to ]
moseley at hank
Nov 1, 2013, 10:29 AM
Post #7 of 7 (2472 views)
Permalink
On Fri, Nov 1, 2013 at 8:31 AM, John Napiorkowski <jjn1056@yahoo.com> wrote:

> I think a patch that made sure strings being set to location conformed to
> the expected standard would be very welcomed!
>
> on the other hand I thought this was also caught by
>
> https://metacpan.org/pod/Plack::Middleware::Lint
>

Yes, you might be right about that. That's probably the right (final)
place to catch this. From the framework point of view I'm not quite clear
what $res->redirect should accept. That is, if it contains \n should it
get precent-encoded? Maybe it should (have) only accept a URI object?
And only a fully-qualified URI. And what if redirect is passed wide
characters? Maybe it's legit to pass wide characters encoded in some
format.


>
>
> as well? In any case Catalyst response could reject any attempts to set
> ->location with incorrect values.
>
> The only thing is that people could still probably get around it by
> setting headers directly. I think for now we'll say if you do that we have
> to assume you know what you are doing!
>

One would hope. Experience often shows that manually doing it often is an
indicator of not knowing what one is doing. The framework's benefit is so
you don't screw things up.




>
> John
>
>
> On Thursday, October 31, 2013 7:03 PM, Bill Moseley <moseley@hank.org>
> wrote:
>
>
>
> On Thu, Oct 31, 2013 at 2:34 PM, John Napiorkowski <jjn1056@yahoo.com>wrote:
>
> I'm currently recommending people take advantage of native PSGI support in
> the newer Catalyst and use Middleware for when you need to munge and or
> alter the response (if its being done globally). The interface is more
> straightforward.
>
>
> Do you think that Catalyst::Response should validate the location provided
> to redirect()?
>
> The issue that came up was a newline was ending up in the location
> provided which resulted in a split response<http://en.wikipedia.org/wiki/HTTP_response_splitting>.
> I was thinking of doing something like:
>
> $self->location( URI->new( $location )->as_string );
>
> But with perhaps a bit more error handling.
>
>
>
>
>
>
>
> johnn
>
>
> On Thursday, October 31, 2013 11:33 AM, Bill Moseley <moseley@hank.org>
> wrote:
>
> On Thu, Oct 31, 2013 at 12:51 AM, Aristotle Pagaltzis <pagaltzis@gmx.de>wrote:
>
> CatalystX::RoleApplicator
>
>
> Thanks. That was what I was looking for. Just missed it when looking.
>
>
> --
> Bill Moseley
> moseley@hank.org
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive:
> http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
>
>
>
>
>
> --
> Bill Moseley
> moseley@hank.org
>
>
>


--
Bill Moseley
moseley@hank.org

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal