Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: a resumable session without a Range header should be interpreted as 0 length #2182

Merged
merged 2 commits into from
Aug 30, 2023
Merged

fix: a resumable session without a Range header should be interpreted as 0 length #2182

merged 2 commits into from
Aug 30, 2023

Conversation

BenWhitehead
Copy link
Collaborator

@BenWhitehead BenWhitehead commented Aug 25, 2023
edited
Loading

According to https://cloud.google.com/storage/docs/performing-resumable-uploads#status-check a 308 response that does not contain a Range header should interpret as GCS having received no data.

Include x-goog-gcs-idempotency-token in Json Resumable upload debug context

@BenWhitehead BenWhitehead added the owlbot:ignore instruct owl-bot to ignore a PR label Aug 25, 2023
@BenWhitehead BenWhitehead requested a review from a team as a code owner August 25, 2023 18:07
@product-auto-label product-auto-label bot added size: s Pull request size is small. api: storage Issues related to the googleapis/java-storage API. labels Aug 25, 2023
@BenWhitehead
fix: a resumable session without a Range header should be interpreted…
98521f2 
… as 0 length

According to https://cloud.google.com/storage/docs/performing-resumable-uploads#status-check a 308 response that does not contain a Range header should interpret as GCS having received no data.

Include x-goog-gcs-idempotency-token in Json Resumable upload debug context
@BenWhitehead BenWhitehead changed the title fix: include x-goog-gcs-idempotency-token in Json Resumable upload debug context fix: a resumable session without a Range header should be interpreted as 0 length Aug 25, 2023
frankyn
frankyn reviewed Aug 29, 2023
View reviewed changes
google-cloud-storage/src/main/java/com/google/cloud/storage/JsonResumableSessionQueryTask.java Outdated Show resolved Hide resolved
google-cloud-storage/src/main/java/com/google/cloud/storage/JsonResumableSessionQueryTask.java Outdated Show resolved Hide resolved
...loud-storage/src/main/java/com/google/cloud/storage/JsonResumableSessionFailureScenario.java
@@ -79,6 +78,7 @@ enum JsonResumableSessionFailureScenario {
.or(matches("Content-Type"))
.or(matches("Range"))
.or(startsWith("X-Goog-Stored-"))
.or(matches("X-Goog-GCS-Idempotency-Token"))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the code collapsed to startsWith("X-Goog-")?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to reduce the scope to prevent an accidental inclusion of a header that might contain a sensitive value.

If it were relaxed to x-goog- that could pull in object metadata fields which could have sensitive values.

Since these error messages go into peoples logs, we should only include what we know is safe.

@BenWhitehead BenWhitehead merged commit 5302201 into main Aug 30, 2023
@BenWhitehead BenWhitehead deleted the idem-header-debug branch August 30, 2023 17:39
@release-please release-please bot mentioned this pull request Aug 28, 2023
Merged
@danking danking mentioned this pull request Sep 27, 2023
Closed
@lucymcnatt lucymcnatt mentioned this pull request Sep 29, 2023
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frankyn frankyn frankyn approved these changes

Assignees
No one assigned
Labels
api: storage Issues related to the googleapis/java-storage API. owlbot:ignore instruct owl-bot to ignore a PR size: s Pull request size is small.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@BenWhitehead @frankyn