The web in a box - a next generation web framework for the Perl programming language

IRC log for #mojo, 2018-02-13

All times shown according to UTC.

Time Nick Message
00:14 mtj joined #mojo
00:15 ghenry joined #mojo
00:16 Seth joined #mojo
01:15 ghenry joined #mojo
01:28 aborazmeh joined #mojo
01:33 dikim joined #mojo
03:24 gordonfish joined #mojo
04:11 marty joined #mojo
04:12 karjala_ joined #mojo
04:54 marty joined #mojo
04:57 polettix joined #mojo
05:04 dboehmer joined #mojo
06:29 Vandal joined #mojo
06:34 polettix joined #mojo
07:13 polettix joined #mojo
07:15 inokenty-w joined #mojo
07:37 McA joined #mojo
08:08 karjala_ joined #mojo
08:10 McA Good morning. Is there a reason why I can't declare configuration variables when starting an app via 'hypnotoad balbla.pl' like -l ?
08:30 trone joined #mojo
08:53 Edward joined #mojo
09:15 berov joined #mojo
09:29 Ricaz Is there some easy way to send all POST/form/param data from the request back with the response?
09:32 Ricaz I need to take all the data from the request's querystring and send it back to another host
10:03 exp-innit right hopefully i'll get a chance to finish that PR today
10:06 jkramer Damn, I don't even want to use promises, I just need my service to keep working :)
10:16 sri jkramer: you can always turn the old Mojo::IOLoop::Delay into a cpan module and maintain it yourself
10:16 sri normally people realize how good promises are before it comes to that though
10:22 chansen joined #mojo
10:29 jkramer sri: Yeah I thought about just monkey-patching `remaining` back into ::Delay but the maintenance part is something I'd like to avoid :)
10:29 jkramer Or I'll just use an older Mojo and never update again
10:30 sri that surely won't cause security issues
10:30 jkramer :D
10:34 jkramer So I guess declaring `remaining`/the possibility to inject steps dynamically a really handy feature and keeping it is not an option?
10:35 sri no, promises are better at it
10:35 purl okay, sri.
10:37 jkramer :(
10:48 kes joined #mojo
10:50 kes About HTML vulnerabilities: https://translate.google.com/translate?sl=ru&tl=en&js=y&prev=_t&hl=ru&ie=UTF-8&u=https%3A%2F%2Fhabrahabr.ru%2Fpost%2F348558%2F&edit-text=&act=url
10:50 kes maybe someone will be interested
10:53 kubrat hello. is there something like $ua->on(finish => sub {...})?
10:53 sri kubrat: $tx has a finish event
10:55 kubrat sri: thanks. I'm going to give it a try
11:00 sri looks like nginx is getting http/2 push support through Link headers https://hg.nginx.org/nginx/rev/641306096f5b
11:00 sri might be worth revisiting support for Link headers, they have many more uses these days
11:01 sri direct link to new spec https://www.w3.org/TR/preload/#server-push-http-2
11:29 htaunay joined #mojo
11:37 CHYC joined #mojo
12:01 McA joined #mojo
12:02 odc joined #mojo
12:14 marcus sri: interesting
12:15 CandyAngel Has anyone here done anything with that Geocities torrent that got uploaded when Geocities was deleted?
12:23 jkramer Is there some more complex code using promises out there that I can look at? Something that goes beyond the basic examples from the docs?
12:29 berov joined #mojo
12:54 cromedome joined #mojo
13:32 jkramer http://dpaste.com/1PZSKYX.txt - Mojo::Promise->all seems to hang forever when called without arguments, is that how it's supposed to be?
13:32 jkramer OTOH this does nothing at all and returns instantly: perl -Mv5.10 -MMojo::Promise -e 'say Mojo::Promise->all()->then(sub { say "ok whatever" }, sub { warn "OMG TOTAL FAIL @_" } )->catch(sub { "OMG WTF @_" })->wait'
13:32 polettixx joined #mojo
13:41 jkramer https://github.com/kraih/mojo/blob/master/lib/Mojo/Promise.pm#L25
13:42 jkramer I guess when there are no promises the $all promise should resolve instantly? Otherwise nothing ever happens
13:52 Ricaz I have a $routes->under('/' => sub {}). Within, I redirect_to '/login' if not authenticated. However, it seems the app continues to route after this, since the debug output looks like this: https://pastebin.com/raw/tC0A3dWu - what could be causing this?
13:52 Repaster Repasted text from Ricaz: https://perl.bot/p/g43fbu
13:52 jamesaxl joined #mojo
13:54 epiphero Are you returning from the sub after you redirect?
13:54 Ricaz epiphero no, should I?
13:55 epiphero Yes, redirect_to doesn't stop control flow.
13:55 Ricaz What does?
13:56 sri return
13:56 Ricaz What if it's a controller method?
13:56 sri then you need to return again
13:56 Ricaz It should return 0 if I'm redirecting and want it to stop there, right?
13:57 Ricaz In which scenario would it make sense not to return from a controller method, then?
13:58 Ricaz Hah, this makes a lot more sense now
14:08 marty joined #mojo
14:18 ribasushi joined #mojo
14:19 jkramer Any thoughts on the Promise->all thing above?
14:19 Pyritic joined #mojo
14:27 sri jkramer: arguable what should happen
14:28 jkramer sri: I think if there's nothing to do it should finish instantly instead of waiting for non-existent stuff to finish :)
14:28 jkramer Or at least croak/die or something if you call it without arguments, so it doesn't silently do nothing and hang forever. But I prefer the first one
14:30 sri no, it should definitely not croak
14:30 sri we don't validate arguments
14:31 jkramer I think adding `$all->resolve unless $remaining` would work just fine
14:31 jkramer And probably wouldn't break anything, assuming no one relies on ->all to hang forever for some reason :)
14:32 gizmomathboy joined #mojo
14:32 sri it depends on if there are good use cases for the feature
14:33 exp-innit sri: right back on this PR finally
14:33 jkramer Well one use case would be generating promises dynamically and calling ->all with them
14:33 exp-innit sri: you said i have to go find all existing uses of 'origin' and mark them as deprecated
14:33 epiphero I would think being able to do something like Mojo::Promise->all(grep { ... } @list) would be useful, but I guess I don't have a specific pain point yet.
14:33 exp-innit but i'm not 100% clear on the marking, it should only be a couple places so that's straightforward
14:34 sri exp-innit: just to be sure, please don't interpret my comments as approval
14:34 jkramer sri: See my dpaste link above for a use case, although it's just for testing, not a real-world thing
14:34 exp-innit sri: honestly I just don't know what needs to be done
14:34 exp-innit I haven't had much time to work on the PR as it's a work related thing
14:34 exp-innit I'm happy to do whatever's required
14:34 sri exp-innit: i still have no idea what's actually behind your pull request, and it is very likely it will not get the required votes
14:35 sri mentioning it since people got upset recently when i did not point that out
14:35 exp-innit sri: I updated the issue with complete details and a mojo lite test app: https://github.com/kraih/mojo/issues/1185
14:35 exp-innit I can try and explain more if that's required
14:36 sri exp-innit: yes, and i do not understand it
14:36 exp-innit sri: what is unclear? I will update it if so
14:36 sri you're doing things we don't intend on supporting
14:36 jkramer Also just doing nothing might be a pitfall for some people as it's kinda unexpected, as it happened to me. And the fix is trivial.
14:36 sri it is not intended that response cookies can be recreated from the cookie jar
14:37 exp-innit sri: but the UA requires that?
14:37 jkramer Currently I'd have to do a workaround like Promise->all(@p ? @p : (Mojo::Promise->new->resolve))
14:37 exp-innit or do you mean, recreate identically, because i'm not really trying to do that
14:37 exp-innit just to determine the domain that applies to a cookie set without one, which the UA does do via 'origin'
14:37 exp-innit which leads to another bug, the acceptance of two cookies from the same host when that is prohibited
14:38 sri exp-innit: i don't think anyone here understands that part
14:38 sri not sure what else to say, we don't get it
14:38 exp-innit sri: Mojo UA considers unset domains distinct from set domains, the RFC does not, and so mojo will store two identical cookies when it should evict the older one
14:40 sri exp-innit: so you could make a failing test case for cookiejar.t?
14:41 sri if an incorrect cookie is sent that would be a serious bug
14:41 exp-innit sri: yeah no problem, I modify the existing test in my PR but I appreciate it's not very clear, took me a bit to understand the behaviour too
14:41 sri maybe even a security issue, giving us much more room for changes
14:41 exp-innit sri: would you prefer I file an issue with a Mojo Lite test case?
14:42 sri no, i want a mojo/cookiejar.t test case that fails but shouldn't
14:42 sri the most minimal it can be
14:42 exp-innit right, i'll extract that from my PR, how would you like that? a gist?
14:43 sri a new pull request with all information in the description
14:43 exp-innit roger
14:43 exp-innit i'll get on that now
14:44 sri then we'll confirm it
14:44 jkramer With the workaround above you'd also have to check for a dummy result value in the next ->then step
14:44 sri and you could send a followup pull request with the fix, which might not even require a deprecation if it is confirmed as a security issue
14:45 sri jkramer: it's all about the use cases
14:45 exp-innit I'm not sure whether it could be considered a security issue, as it's never going to overwrite with the wrong domain, i'll work on a test now and you can decide what category that is :)
14:47 jkramer sri: Like what? I think stuff like Promise->all(map { $ua->get_p($_) } @some_or_0_urls)->then(...) is a pretty good use case
14:47 sri jkramer: i don't know, put it up for a vote
14:48 sri (which means you open an issue describing the feature, i'll add the labels and start the vote)
14:49 jkramer sri: The way it is now is definitely a big pitfall, it should at least be documented. I can't think of any good reason for ->all to just do nothing and probably no one would expect that behavior
14:49 jkramer Ok
14:49 sri jkramer: and it should be the same for race i imagine
14:51 sri jkramer: for bonus points, i think it can be implemented without adding new lines "return @promises ? $all : $all->resolve([]);"
14:52 jkramer sri: Probably, but for race I wouldn't know if it should resolve or reject. The use case is a bit different I guess, the user would expect some kind of return value.
14:52 sri ->race and ->all should be consistent though
14:53 sri you could look up what happens in the javascript promise api in those cases
14:53 sri actually, you should
14:54 sri would be an important argument to make
15:00 exp-innit sri: just to check, is it ok for me to modify an existing test so that it fails correctly and list why? or would you prefer an entirely new test writing?
15:02 sri exp-innit: that would be ok, if your explanation for why it should fail is good
15:02 exp-innit roger, I have confirmed that the UA does behave incorrectly too according to the RFC
15:02 exp-innit so i guess it's now a prose writing challenge :)
15:02 exp-innit ty sri
15:02 sri and more likely a security issue if the UA behaves wrong
15:03 exp-innit that depends on your own criteria, the logic regarding the domain it gets sent to is already fine from what i can tell, but it will submit two cookies when it should submit only one
15:03 exp-innit anyhow, I'll get this PR written now, thanks
15:04 jkramer sri: I couldn't find documentation for that specific case (.all([])), but I tested it and .all finished/.then(...) gets executed
15:06 sri jkramer: compare the arguments passed to the .then callback too
15:06 sri same for race
15:06 sri that should be a reasonable argument
15:07 sri if that all checks out i'll +1 the change
15:09 jkramer sri: .then gets an empty array, which was to be expected I think (I'm not really familiar with the JS API but it makes sense)
15:09 sri it's what i would have expected
15:09 sri and .race?
15:10 jkramer Huh, .race doesn't finish as it seems.
15:10 jkramer Tested here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/race
15:10 jkramer So no idea what this means. Is the JS API inconsistent?
15:11 jkramer Or the implementation? (Using FF right now)
15:11 pink_mist it follows the documentation - it resolves or rejects as soon as one of the passed in promises resolves or rejects - no promises passed in, no passed in promise that can resolve/reject
15:12 jkramer Hmm
15:13 pink_mist in the examples a bit below it specifically points out "An empty iterable causes the returned promise to be forever pending:"
15:16 jkramer Ah didn't see that. And for .all it says: If an empty iterable is passed, then this method returns (synchronously) an already resolved promise.
15:21 sri how weird
15:24 jkramer https://github.com/kraih/mojo/issues/1193
15:24 exp-innit oh wow that was a good race
15:24 exp-innit i got 1192 :)
15:24 exp-innit sri: hope this is to your standards: https://github.com/kraih/mojo/pull/1192
15:24 exp-innit tried to include everything i possibly can
15:25 exp-innit a test script, failing tests, references to the sections, and i have tried to explain it succinctly and clearly
15:35 sri exp-innit: you did not mention why it counts as the same domain
15:37 exp-innit sri: added
15:37 exp-innit oh, added it wrong
15:37 exp-innit cause i'm an idiot
15:38 exp-innit anyway, that now includes the same two sections, 6 and 11
15:40 sh14 joined #mojo
15:43 sri our votes in the past have been a bit unorganized and hard to follow, so i'll try to formalize the process in the next few weeks
15:43 sri starting with https://github.com/kraih/mojo/issues/1193#issuecomment-365305296
15:43 exp-innit sri: I only have a couple weeks left on this contract
15:43 exp-innit but I believe the old PR encompasses this new one
15:44 exp-innit and contains the fix short of the deprecation notes you mentioned, which i'm not sure I have a good example for
15:44 exp-innit hopefully at least I've provided enough information, and I'll idle in here until I'm done and have to leave
15:44 sri once an issue looks good enough to vote on i'll call for a vote and from then on it's a week until votes are counted, or until a majority is reached early
15:44 exp-innit so if there's anything more I can do please let me know
15:46 haarg the ->race thing kind of makes sense
15:47 sri exp-innit: ok, now i understand your issue
15:47 haarg it needs to give the result of exactly one promise, so if it doesn't have any promises it can't give any result.
15:47 sri exp-innit: are you sure your interpretation of the RFC is correct? have you confirmed your findings with browser behavior?
15:48 sri exp-innit: Chrome/Firefox behavior for comparison would be very helpful
15:48 exp-innit sri: with the greatest respect, there's only so much time I can dedicate to this
15:48 exp-innit I'll try and find time to do that on my own time tonight
15:48 exp-innit I have found alternate implementations of this code, Go, Python and Ruby
15:49 exp-innit Go and Python behave as my understanding of the RFC is, Ruby's implementation is... a little hard to understand
15:49 sri exp-innit: it's the last bit of information i need, if it supports your findings i'd give it a weak security issue status, which means your patch can be applied without deprecation requirement
15:49 sri (as in you can just remove origin and add http-only)
15:49 exp-innit sri: against a Mojo::Lite app sufficient? IP address for domain sufficient? or you want a FQDN?
15:50 gryphon joined #mojo
15:50 exp-innit it's host_only fwiw, http-only is bloody similarly named, but yeah i'm with you
15:50 sri umm, right
15:50 sri i mean host_only
15:50 exp-innit I don't mind doing the tests, just rushing to get everything finished at this contract
15:50 sri sure
15:51 sri FQDN would be ideal of course
15:51 exp-innit mojo.in.my.laboratory.lol it is
15:51 sri localhost as domain should be fine though, no?
15:51 * sri does not remember
15:52 exp-innit well in the existing test case it works fine with 127.0.0.1, but i might as well use a real extant domain name
15:55 sri CandyAngel: heads up, we might break your CookieJar role
15:56 exp-innit it tests domain first, so it should behave correctly regardless
15:56 exp-innit it was the only case i could find, and my patch also explicitly sets domain up front
15:56 exp-innit so deprecation should still be fine, i leave that decision to you however
15:57 CandyAngel sri: Aw, I appreciate the assumption that is isn't already broken <3
15:58 CandyAngel Thanks for the warning :)
15:58 CandyAngel it isn't*
16:00 sri exp-innit: please submit a pr with the minimal solution, without deprecation
16:01 sri so it can be applied after the test pr
16:01 sri or actually, put them together in the fix pr
16:01 CandyAngel I think the "saves session cookies" in the role doesn't actually save session cookies, it works around the domain being missing..
16:02 exp-innit CandyAngel: yeah you do something like $c->domain // $c->origin, so my patch works correctly
16:02 exp-innit sri: that'll have to be tomorrow at this point, I assume that's ok
16:02 sri exp-innit: have you confirmed what browsers do in the domain case?
16:03 sri do they send one or two cookies?
16:03 exp-innit sri: I haven't tested double cookies no, I'll do that tonight if I find time
16:03 sri that's the important case
16:03 exp-innit only tested the blank domain case, as that's what I came across (with Request Tracker)
16:03 exp-innit yes I understand, but you only asked me 20 mins ago :p
16:04 sri i mean the case you sent a test case for
16:09 exp-innit sri: no I haven't done any browser tests for that case, I'll do that tonight
16:20 sri exp-innit: it's the last bit of information we need
16:23 exp-innit sri: i understand, i'll do what i can tonight
16:23 exp-innit can't justify doing that on work time
16:24 sri actually, don't bother, i confirmed it
16:26 exp-innit behaviour as expected?
16:29 good_news_everyon joined #mojo
16:29 good_news_everyon [mojo] kraih pushed 2 new commits to master: https://git.io/vAOjy
16:29 good_news_everyon mojo/master a49561c Paul Robins: Only permit one cookie with identical (name, path, domain,) attributes
16:29 good_news_everyon mojo/master 74e4900 Sebastian Riedel: Merge pull request #1192 from expbbc/cookiejar-tests...
16:29 good_news_everyon left #mojo
16:29 sri exp-innit: since you have no time i think we'll take over
16:29 exp-innit sri: be my guest, the fix is pretty straightforward and can be taken from my existing PR
16:53 good_news_everyon joined #mojo
16:53 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3Jy
16:53 good_news_everyon mojo/master c16a56a Sebastian Riedel: fix a security issue in Mojo::UserAgent::CookieJar
16:53 good_news_everyon left #mojo
17:01 good_news_everyon joined #mojo
17:01 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3Up
17:01 good_news_everyon mojo/master a18da70 Sebastian Riedel: improve all method in Mojo::Promise to resolve with no results if no promises have been passed (closes #1193)
17:01 good_news_everyon left #mojo
17:02 pink_mist exp-innit++ jkramer++
17:03 good_news_everyon joined #mojo
17:03 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3TL
17:03 good_news_everyon mojo/master 03988ae Sebastian Riedel: fix POD test too
17:03 good_news_everyon left #mojo
17:03 exp-innit oh very nice
17:04 exp-innit sri: might be worth adding the extra test i included in the PR which tests the domain of the cookie in the jar: https://github.com/kraih/mojo/pull/1186/commits/ee2369201acd9f1a43c6f0da077ca7d0d942c6d5#diff-da13adf6918dd4c6a4295e48b8eb4935L255
17:04 exp-innit other than that, glad to see this get in
17:04 exp-innit i'll get permission from managers here to let you use the logo / name for advocacy too, which is nice
17:04 good_news_everyon joined #mojo
17:04 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3Tc
17:04 good_news_everyon mojo/master 22abdf9 Sebastian Riedel: update CREDITS section
17:04 good_news_everyon left #mojo
17:06 exp-innit ty for the credit
17:08 jkramer sri: Thanks for accepting the change request, but I think there's something wrong with the fix. I don't have time to think/check about it, but I think resolve([]) is wrong, it should be resolve(), otherwise calling ->all with no promises yields the result of one promise that resolves with an empty array if I'm not mistaken. I'm afk for a while but please have a look.
17:08 good_news_everyon joined #mojo
17:08 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3T9
17:08 good_news_everyon mojo/master c9e76b8 Sebastian Riedel: a few more cookie jar tests
17:08 good_news_everyon left #mojo
17:10 sri jkramer: yes, you are correct
17:10 good_news_everyon joined #mojo
17:10 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3kY
17:10 good_news_everyon mojo/master 45ad9fc Sebastian Riedel: fix Mojo::Promise arguments
17:10 good_news_everyon left #mojo
17:47 anony joined #mojo
18:03 trone joined #mojo
18:21 Pyritic joined #mojo
18:32 tcohen joined #mojo
18:42 jamesaxl joined #mojo
18:56 zivester joined #mojo
19:00 Seth joined #mojo
19:04 Pyritic joined #mojo
20:10 Seth joined #mojo
20:15 shoorick joined #mojo
20:19 shoorick Hello!
20:19 shoorick Is there a way to deny serving of one particular file from public/ directory with Mojolicious::Lite? I've put less/ directory into public/ for debugging purpose but I'm afraid of showing all its content for example Makefile — this file is unnecessary for visitors.
20:21 mishanti1 shoorick: My advice would be keeping all explicitly non-public files out of public/.
20:22 mishanti1 Most of our projects at $work now have public/ in .gitignore. Everything that goes there is put there explicitly during the build / packaging phase.
20:30 shoorick mishanti1: I had non-public files out of public/ but some design related tasks are easier to solve when non-public files are here. OK, I'll move it back when I finish design tasks — it seems it is the easiest way :-)
20:31 berov joined #mojo
20:31 Grinnz shoorick: note that you can dynamically add namespaces to the static renderer, like a secondary public dir only for dev: https://metacpan.org/pod/Mojolicious::Static#paths
20:31 Grinnz (you access that object as $app->static)
20:32 mishanti1 shoorick: design-tasks is actually a large part of why we have non-public files out of public/. Out designer has set up the build-steps for assets such that they are processed correctly upon change and then put the finished assets in public/.
20:32 mishanti1 s/Out/Our/
20:32 Grinnz https://metacpan.org/pod/Mojolicious#static has more examples
20:32 Pyritic joined #mojo
21:21 polettix joined #mojo
21:29 polettix hi all
21:29 polettix https://github.com/kraih/mojo/blob/master/lib/Mojolicious/Guides/Cookbook.pod#synchronizing-non-blocking-operations
21:29 polettix in the example: Mojo::Promise->all(mojo, $minion)->then(sub {
21:29 vicash left #mojo
21:29 polettix should it be $mojo instead?
21:30 pink_mist yes
21:32 good_news_everyon joined #mojo
21:32 good_news_everyon [mojo] kraih pushed 1 new commit to master: https://git.io/vA3yo
21:32 good_news_everyon mojo/master 0f9340e Sebastian Riedel: fix typo in example
21:32 good_news_everyon left #mojo
21:38 vicash joined #mojo
22:16 berov joined #mojo
22:52 maschine_ joined #mojo
