Allow passing in timeout/retry settings to Net::HTTP #677
Conversation
When fetching remote XML files from arbitrary URLs, you might want to configure different values for timeouts/retries to avoid allowing users to DoS you via intentionally slow endpoints. The Net::HTTP defaults are 60 seconds plus 1 retry, which could easily deplete resources if intentionally exploited.
|
Just bumping this — @pitbulk anything I can do to help get this merged and shipped? |
|
@pitbulk this looks reasonable to merge. |
|
@johnnyshields I think its ok, but I gonna prefer @tjschuck can you do the change? |
|
@pitbulk Pushed! Thanks @pitbulk and @johnnyshields |
|
Sorry to bikeshed this, I misread @pitbulk's earlier comment. I was thinking we would make these just part of |
|
@johnnyshields That's fine with me too. I honestly can't remember why I did it this way... If you want me to push it into |
|
@johnnyshields I think it's ok to have both options differentiated. As we are introducing now all related to the request, I'm not against to leave its own place. Wonder if there is a way to inject them in the request rather than initialize each parameter one by one. |
| def parse_remote_to_hash(url, validate_cert = true, options = {}) | ||
| parse_remote_to_array(url, validate_cert, options)[0] | ||
| def parse_remote_to_hash(url, validate_cert = true, options = {}, request_options = {}) | ||
| parse_remote_to_array(url, validate_cert, request_options, options)[0] |
There was a problem hiding this comment.
oops this is wrong position
|
Using one |
|
Also this should go on branch V2.0.0 where we force new ruby version |
|
@tjschuck I'll take this one over. |
|
@johnnyshields Go nuts! Thanks. |
|
Replaced by #709 |
When fetching remote XML files from arbitrary URLs, you might want to configure different values for timeouts/retries to avoid allowing users to DoS you via intentionally slow endpoints. The Net::HTTP defaults are 60 seconds plus 1 retry, which could easily deplete resources if intentionally exploited.