Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Echo HTTP middleware #84

Closed
johanstokking opened this issue Feb 1, 2019 · 2 comments
Closed

Add Echo HTTP middleware #84

johanstokking opened this issue Feb 1, 2019 · 2 comments
Assignees
@htdvisser
Labels
c/shared This is shared between components compat/api This could affect API compatibility
Milestone
February 2019

Comments

@johanstokking
Copy link
Member

johanstokking commented Feb 1, 2019
edited by bafonins
Loading

Summary:

Implement the Echo middleware as in 3bf5834, but without breaking the login flow as reported in #82.

Why do we need this?

Need request body limit, need compression, need some security headers and recovery from panics.

What is already there? What do you see now?

Reverted the functionality described above because it broke the login flow as described in #82.

What is missing? What do you want to see?

  • A request body limit of 16 MB
  • Gzip compression
  • Security headers, such as 
    X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 01D2FQ0R758RZ4X99NPHYV44AW
X-Xss-Protection: 1; mode=block
  • Recovery from panics

Additionally, it adds CORS headers to all /api/v3 endpoints, as those may be called by external consoles.
@johanstokking johanstokking added c/shared This is shared between components compat/api This could affect API compatibility labels Feb 1, 2019
@johanstokking johanstokking added this to the February 2019 milestone Feb 4, 2019
@bafonins
Copy link
Contributor

bafonins commented Feb 4, 2019

After a quick investigation, it turned out that middleware.Gzip() is the one causing the issue. Apparently, there is something wrong with the Content-Length header set by the middleware which causes the browser to process js/css files of invalid length.

@johanstokking
Copy link
Member Author

@bafonins happy to see a PR without that middleware and push gzip to another PR.

This was referenced Feb 4, 2019
Merged
Closed
@bafonins bafonins closed this as completed Feb 4, 2019
@htdvisser htdvisser mentioned this issue Mar 22, 2019
Merged
@adriansmares adriansmares mentioned this issue Nov 9, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@htdvisser htdvisser

Labels
c/shared This is shared between components compat/api This could affect API compatibility
Projects
None yet
Milestone
February 2019
Development

No branches or pull requests
3 participants
@htdvisser @johanstokking @bafonins