Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web: do not send 500 on invalid If-Modified-Since header #3412

Merged
merged 5 commits into from
Jul 15, 2024
Merged

web: do not send 500 on invalid If-Modified-Since header #3412

merged 5 commits into from
Jul 15, 2024

Conversation

rgajrawala
Copy link
Contributor

Fixing #3408

@rgajrawala rgajrawala mentioned this pull request Jul 8, 2024
Closed
mcg1969
mcg1969 approved these changes Jul 8, 2024
View reviewed changes
Copy link

@mcg1969 mcg1969 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for doing this!

@bdarnell
Copy link
Member

bdarnell commented Jul 9, 2024

Looks good, but it could use a simple test in web_test.py.

@rgajrawala
Copy link
Contributor Author

@bdarnell done!

@rgajrawala
Copy link
Contributor Author

rgajrawala commented Jul 15, 2024
edited
Loading

@bdarnell @mcg1969 Can we please merge and publish this if it's good? We're getting pinged for 500s every time our security scan runs and unfortunately we can't override StaticFileHandler since tornado is not a direct dependency.

@bdarnell
Copy link
Member

Looks like the catch should be except Exception, since there no strong guarantees about what type of error you might see here.

I can merge this once the tests are passing but I'm not planning another release for a while (months) so you'll probably want to make your own custom build and put it in a private package index in the meantime.

@rgajrawala
Copy link
Contributor Author

Updated per your suggestion.

I'm not planning another release for a while

Even for a patch? I'll try to look into private package indexes...

@bdarnell
Copy link
Member

Even for a patch?

I can do patches for severe bugs, but this doesn't seem like it reaches that level since it concerns the handling of deliberately-invalid requests (and the failure is a spurious 500 response instead of doing work that shouldn't be done).

I'll try to look into private package indexes...

Some folks like to use tools like devpi for this but I prefer to keep it simple and use PIP_FIND_LINKS as in this ancient example: https://github.com/viewfinderco/viewfinder/blob/master/scripts/update-environment

@bdarnell bdarnell merged commit 100d4db into tornadoweb:master Jul 15, 2024
13 checks passed
@rgajrawala rgajrawala deleted the patch-1 branch July 16, 2024 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcg1969 mcg1969 mcg1969 approved these changes

@bdarnell bdarnell bdarnell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@rgajrawala @bdarnell @mcg1969