| 21 Aug 2024 |
 agronholm (Alex Grönholm) | (work with PyPy) | 11:59:52 |
 Sam Bull | Found the downstream packager issue, time-machine was segfaulting for them:
https://github.com/aio-libs/aiohttp/issues/7851 | 12:03:27 |
 Joongi Kim | https://github.com/achimnol/aiotools/blob/main/tests/test_timer.py maybe this could help.. | 16:39:50 |
| Joongi Kim | aiotools.VirtualClock which provides an instantly completing sleep function and the virtual clock by monkey-patching the internal of asyncio event loop. | 16:40:53 |
| Joongi Kim | * aiotools.VirtualClock provides an instantly completing sleep function and the virtual clock by monkey-patching the internal of asyncio event loop (specifically, the timeout argument passed to the OS-level select() API) | 16:41:17 |
| Joongi Kim | * https://github.com/achimnol/aiotools/blob/main/tests/test_timer.py and https://github.com/achimnol/aiotools/blob/main/src/aiotools/timer.py#L78
maybe these could help.. | 16:42:15 |
| 23 Aug 2024 |
 William Barnhart | Thanks for getting back to me! I'll try making some images and I'll make sure aio-libs gets access | 13:54:46 |
| 3 Sep 2024 |
|  @webknjaz 🇺🇦 #StandWithUkraine | https://stand-with-ukraine.pp.ua | #russiaIsANaziState banned  ambrose _j (spam). | 11:48:36 |
| 8 Sep 2024 |
|  michael_loe001 joined the room. | 00:46:55 |
| michael_loe001 | Redacted or Malformed Event | 01:09:07 |
| michael_loe001 left the room. | 02:18:27 |
| Sam Bull banned michael_loe001 (Spam). | 12:31:08 |
| 13 Sep 2024 |
|  tapin_link00 joined the room. | 15:45:09 |
| 14 Sep 2024 |
|  Mary Sanchez joined the room. | 01:55:11 |
| Mary Sanchez | Redacted or Malformed Event | 02:00:03 |
| @webknjaz 🇺🇦 #StandWithUkraine | https://stand-with-ukraine.pp.ua | #russiaIsANaziState banned Mary Sanchez (Spam). | 02:20:55 |
| tapin_link00 | Redacted or Malformed Event | 12:46:11 |
| Sam Bull banned tapin_link00 (Spam). | 13:43:58 |
| 16 Sep 2024 |
|  cnfjts joined the room. | 09:51:15 |
| cnfjts left the room. | 09:51:31 |
|  Om Thorat joined the room. | 21:16:34 |
| Om Thorat | Hello, while trying to hit a certain url using aiohttp was faced with an invalid http error regarding duplicate content-length headers, I understand the http semantics give a choice between rejecting it as invalid html or merging the duplicates.
The C parser rejected it as invalid error I understand if that's an upstream problem. But even aiohttp's own python parser rejects it the same way.
Just wanted to enquire if this a known choice and if it's something that could be discussed and added to the parser. Didn't make a different issue because I saw a few reporting them same problem before, but I didn't get my answers.
| 21:22:55 |
| Om Thorat | * Hello, while trying to hit a certain url using aiohttp was faced with an invalid http error regarding duplicate content-length headers, I understand the http semantics give a choice between rejecting it as invalid html or merging the duplicates.
The C parser rejected it as invalid error I understand if that's an upstream problem. But even aiohttp's own python parser rejects it the same way.
Just wanted to enquire if this a known choice and if it's something that could be discussed and added to the parser. Didn't make a different issue because I saw a few reporting them same problem before, but I didn't get my answers.
Thank you : )
| 21:23:10 |
| @webknjaz 🇺🇦 #StandWithUkraine | https://stand-with-ukraine.pp.ua | #russiaIsANaziState | In reply to @omthorat:matrix.org
Hello, while trying to hit a certain url using aiohttp was faced with an invalid http error regarding duplicate content-length headers, I understand the http semantics give a choice between rejecting it as invalid html or merging the duplicates.
The C parser rejected it as invalid error I understand if that's an upstream problem. But even aiohttp's own python parser rejects it the same way.
Just wanted to enquire if this a known choice and if it's something that could be discussed and added to the parser. Didn't make a different issue because I saw a few reporting them same problem before, but I didn't get my answers.
Thank you : ) Why do you think having multiple content lengths is useful? Could you quote the RFC where it's allowed? | 21:25:18 |
| Om Thorat | In reply to @webknjaz:matrix.org
Why do you think having multiple content lengths is useful? Could you quote the RFC where it's allowed? I don't think it's useful per sey but for my usecase that is vulnerability scanning there are some misbehaving apps that'll use that and I am unable to process my request with aiohttp because the html gets declared invalid.
a recipient of a Content-Length header field value consisting of the same decimal value repeated as a comma-separated list (e.g, "Content-Length: 42, 42") MAY either reject the message as invalid or replace that invalid field value with a single instance of the decimal value, since this likely indicates that a duplicate was generated or combined by an upstream message processor.
src - https://httpwg.org/specs/rfc9110.html#field.content-length
Section 8.6 last paragraph
| 21:29:47 |
| Om Thorat | In reply to @webknjaz:matrix.org
Why do you think having multiple content lengths is useful? Could you quote the RFC where it's allowed? * I don't think it's useful per sey but for my usecase that is vulnerability scanning there are some misbehaving apps that'll use that and I am unable to process my request with aiohttp because the html gets declared invalid. Other tools and frameworks such as curl and requests seem to parse it. I understand that isn't a reason for aiohttp to allow it too, I am asking if it'll possible to do so with the projects current opinions.
a recipient of a Content-Length header field value consisting of the same decimal value repeated as a comma-separated list (e.g, "Content-Length: 42, 42") MAY either reject the message as invalid or replace that invalid field value with a single instance of the decimal value, since this likely indicates that a duplicate was generated or combined by an upstream message processor.
src - https://httpwg.org/specs/rfc9110.html#field.content-length
Section 8.6 last paragraph
| 21:34:05 |
| Sam Bull | The reason we reject things like that is that they can be used for HTTP request smuggling attacks. | 21:44:32 |
| Sam Bull | Generally more important on the server-side though. So, if you're talking about client-side, then it could be considered as acceptable in lax mode (the default). But, we generally want the parsers to behave the same, so ideally we'd want llhttp to support this too. | 21:47:24 |
| Om Thorat | I am talking about the client side yes, | 21:48:31 |
| Om Thorat | * I am talking about the client side yes. | 21:48:36 |
