Posts from blog by tag faker:
This Week in Changelogs: Django and faker
Django 4.1.6, 4.1.7
- 4.1.6: release notes, blog post
- 4.1.7: release notes, blog post
9d7bd5a
An interesting bug in parsing the Accept-Language header. The format of the header value is complex, so there's a bunch of regular expressions and @functools.lru_cache(maxsize=1000) for caching the result. However, you can pass a huge header multiple times, causing a DoS, so they added two if statements:
- one that checks if the length is less than ACCEPT_LANGUAGE_HEADER_MAX_LENGTH
- a second one for checking the comma-separated strings

So they decided not to just raise an exception or truncate the string by [:ACCEPT_LANGUAGE_HEADER_MAX_LENGTH], but to truncate the value in a safe way, so it can be parsed into a meaningful result. Good job!
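A sketch of the two checks described above, as an added example (not Django's code and not from the original post). The parser is a simplified stand-in for Django's regular expressions, and the function names, the sample header and the limit of 500 are assumptions.

```python
import functools

# Assumed value for this sketch; the post names the constant but not its value.
ACCEPT_LANGUAGE_HEADER_MAX_LENGTH = 500


@functools.lru_cache(maxsize=1000)
def parse_language_ranges(lang_string):
    """Simplified stand-in parser: returns ((lang, q), ...) sorted by q, descending."""
    result = []
    for piece in lang_string.lower().split(","):
        lang, _, params = piece.strip().partition(";")
        lang = lang.strip()
        if not lang:
            continue
        q = 1.0
        if params.strip():
            name, _, value = params.partition("=")
            if name.strip() != "q":
                return ()  # unknown parameter: reject the header
            try:
                q = float(value)
            except ValueError:
                return ()  # malformed quality value: reject the header
        result.append((lang, q))
    result.sort(key=lambda item: item[1], reverse=True)
    return tuple(result)


def parse_accept_lang_header(lang_string):
    # Check 1: the value fits within the limit, so parse (and cache) it as is.
    if len(lang_string) <= ACCEPT_LANGUAGE_HEADER_MAX_LENGTH:
        return parse_language_ranges(lang_string)
    # Check 2: cut at the last comma inside the limit, so no language range is
    # split in half and the cached key stays bounded in size.
    index = lang_string.rfind(",", 0, ACCEPT_LANGUAGE_HEADER_MAX_LENGTH)
    if index > 0:
        return parse_language_ranges(lang_string[:index])
    # One oversized value with no usable comma: nothing meaningful to parse.
    return ()


# Constructed sample: three valid ranges followed by padding past the limit.
OVERSIZED = "de;q=0.8,en-US,fr;q=0.5," + "x" * 1000
```

A plain slice of the sample at the limit would hand the parser a fourth, bogus language range made of the padding; cutting at the last comma keeps only the three complete ones.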


