KEMBAR78
fix: a resumable session without a Range header should be interpreted as 0 length by BenWhitehead · Pull Request #2182 · googleapis/java-storage · GitHub
Skip to content

Conversation

@BenWhitehead
Copy link
Collaborator

@BenWhitehead BenWhitehead commented Aug 25, 2023

According to https://cloud.google.com/storage/docs/performing-resumable-uploads#status-check a 308 response that does not contain a Range header should interpret as GCS having received no data.

Include x-goog-gcs-idempotency-token in Json Resumable upload debug context

@BenWhitehead BenWhitehead added the owlbot:ignore instruct owl-bot to ignore a PR label Aug 25, 2023
@BenWhitehead BenWhitehead requested a review from a team as a code owner August 25, 2023 18:07
@product-auto-label product-auto-label bot added size: s Pull request size is small. api: storage Issues related to the googleapis/java-storage API. labels Aug 25, 2023
… as 0 length

According to https://cloud.google.com/storage/docs/performing-resumable-uploads#status-check a 308 response that does not contain a Range header should interpret as GCS having received no data.

Include x-goog-gcs-idempotency-token in Json Resumable upload debug context
@BenWhitehead BenWhitehead changed the title fix: include x-goog-gcs-idempotency-token in Json Resumable upload debug context fix: a resumable session without a Range header should be interpreted as 0 length Aug 25, 2023
.or(matches("Content-Type"))
.or(matches("Range"))
.or(startsWith("X-Goog-Stored-"))
.or(matches("X-Goog-GCS-Idempotency-Token"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if the code collapsed to startsWith("X-Goog-")?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wanted to reduce the scope to prevent an accidental inclusion of a header that might contain a sensitive value.

If it were relaxed to x-goog- that could pull in object metadata fields which could have sensitive values.

Since these error messages go into peoples logs, we should only include what we know is safe.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

api: storage Issues related to the googleapis/java-storage API. owlbot:ignore instruct owl-bot to ignore a PR size: s Pull request size is small.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants