I'm really surprised this isn't already documented; I filed an issue on github for this: https://github.com/zedshaw/mongrel2/issues/149
-Jason On 08:46 Thu 27 Sep , Loic d'Anterroches wrote: > > > On 2012-09-27 00:21, Jason Miller wrote: > > Since http headers are case-insensitive, mongrel2 takes advantage of > > this and UPCASES all trusted headers and downcases all untrusted > > headers. > > > > So: > > x-something-sensitive: from client > > X-SOMETHING-SENSITIVE: from mongrel2 > > Maybe we should put that in the manual. If an header is full upper case, > then it comes from mongrel2 and can be trusted. > > loïc > > > On 20:53 Tue 25 Sep , Loic d'Anterroches wrote: > >> > >> > >> On 2012-09-25 17:38, Florian Anderiasch wrote: > >>> On 09/25/2012 09:37 AM, Loic d'Anterroches wrote: > >>>> Hello, > >>>> > >>>> On 2012-09-24 23:43, Jason Miller wrote: > >>>>> Hmm, I'm not sure why that's superior to not just putting the data in a > >>>>> netstring? > >>>> > >>>> I suppose I was not clear enough. Basically, I want to be able to > >>>> exchange "meta" data with Mongrel2. We have this issue with the headers > >>>> (remote ip, etc.) when the message is coming from M2 to the handler and > >>>> from the handler to M2 we only have the client list and the payload. > >>>> What I think could be nice is to have on top of these, a tnetstring or > >>>> json with some extra meta data. These extra data should be in a > >>>> different tnetstring/json "part" to be clear that you cannot overlap > >>>> them with the headers from the client. This way one have the "trusted" > >>>> meta data coming from M2 directly and the headers + optional body of the > >>>> request from the client. > >>> > >>> > >>> Can't you just work with the old X-*** headers or am I missing the > >>> problem completely? > >> > >> Any client can create an x-*** header and send it to the server. How do > >> you know it was set by Mongrel2 or by the client? > >> > >> loïc > > > > > > -- > Dr Loïc d'Anterroches > Founder Céondo Ltd > > w: www.ceondo.com | e: [email protected] > t: +44 (0)207 183 0016 | f: +44 (0)207 183 0124 > > Céondo Ltd > Dalton House > 60 Windsor Avenue > London > SW19 2RR / United Kingdom
