generate boundary with token_hex (#2702)
authorTrim21 <trim21.me@gmail.com>
Wed, 25 Sep 2024 11:27:55 +0000 (19:27 +0800)
committerGitHub <noreply@github.com>
Wed, 25 Sep 2024 11:27:55 +0000 (11:27 +0000)
* generate boundary with token_hex

* generate boundary with token_hex

* fix

* boundary size

* Update starlette/responses.py

---------

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
starlette/responses.py
tests/test_responses.py

index b951e51254d144bc2d457a3baad8cb3a9427f093..790aa7ebc1cf72b6e0e480c6b7c7530aa0164e60 100644 (file)
@@ -11,7 +11,7 @@ from datetime import datetime
 from email.utils import format_datetime, formatdate
 from functools import partial
 from mimetypes import guess_type
-from random import choices as random_choices
+from secrets import token_hex
 from urllib.parse import quote
 
 import anyio
@@ -401,7 +401,8 @@ class FileResponse(Response):
         file_size: int,
         send_header_only: bool,
     ) -> None:
-        boundary = "".join(random_choices("abcdefghijklmnopqrstuvwxyz0123456789", k=13))
+        # In firefox and chrome, they use boundary with 95-96 bits entropy (that's roughly 13 bytes).
+        boundary = token_hex(13)
         content_length, header_generator = self.generate_multipart(
             ranges, boundary, file_size, self.headers["content-type"]
         )
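Review bot: The comment added above `boundary = token_hex(13)` misstates the size: `token_hex(13)` draws 13 bytes, which is 104 bits and 26 hex characters, not the 95-96 bits it cites for browsers. It also does not say why `secrets` replaced `random`, which is what a later maintainer needs so the call is not swapped back to a non-cryptographic generator. I would reword it to `# 13 bytes (104 bits, 26 hex chars) from the OS CSPRNG, so the boundary cannot be predicted from earlier responses; browsers use roughly 95-96 bits.` The boundary length feeds the Content-Length of multipart range responses, so any later change to the size also needs the test constants updated. The enclosing method starts and ends outside this hunk.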
index 645d26a682eaa26a47a77393398be2123c04cf20..1fb8c6be0a6e8da630659842724f2e14c19d4aa6 100644 (file)
@@ -598,13 +598,13 @@ def test_file_response_range_multi(file_response_client: TestClient) -> None:
     response = file_response_client.get("/", headers={"Range": "bytes=0-100, 200-300"})
     assert response.status_code == 206
     assert response.headers["content-range"].startswith("multipart/byteranges; boundary=")
-    assert response.headers["content-length"] == "400"
+    assert response.headers["content-length"] == "439"
 
 
 def test_file_response_range_multi_head(file_response_client: TestClient) -> None:
     response = file_response_client.head("/", headers={"Range": "bytes=0-100, 200-300"})
     assert response.status_code == 206
-    assert response.headers["content-length"] == "400"
+    assert response.headers["content-length"] == "439"
     assert response.content == b""
 
     response = file_response_client.head(
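Review bot: The new expected value `"439"` in test_file_response_range_multi and test_file_response_range_multi_head is an unexplained constant, and neither test checks the boundary itself. The increase of 39 matches the boundary growing from 13 to 26 characters, presumably because it occurs three times in the body; a comment such as `# 400 + 3 * 13: boundary is now 26 hex chars and occurs three times` would record that. An assertion on the boundary parsed from the header, e.g. `assert len(boundary) == 26`, would fail loudly if the generator is changed again. The second test continues past the end of this hunk.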