Skip to content
This repository has been archived by the owner on Mar 28, 2024. It is now read-only.

[BUG-40653] Allow llGetHTTPHeader() in the http_response() event #12298

Closed
sl-service-account opened this issue Oct 7, 2016 · 1 comment
Closed

[BUG-40653] Allow llGetHTTPHeader() in the http_response() event #12298

sl-service-account opened this issue Oct 7, 2016 · 1 comment
Labels
project:BUG

Comments

@sl-service-account
Copy link

How would you like the feature to work?

Currently the llGetHTTPHeader() function is only useful within the http_request() event for handling incoming requests.

I'd like to propose that this method also function within the http_response() event, allowing access to more of the headers returned from a request made via llHTTPRequest().

To avoid having to do this by default, this capability could be enabled with a new HTTP_REQUEST_HEADERS constant in the options list, when present this enables retrieval of headers for the http_response() event. Alternatively the constant could instead be HTTP_REQUEST_HEADER followed by a string specifying a header to retrieve from the response, with the option added multiple times to retrieve several different headers; this allows a script to restrict which headers are actually retained to only those that it will actually use.

Accessing the headers would have the same basic restrictions as for the http_request() event; the requested key must match the key of the http_response() event, and headers must be retrieved within 30 seconds.

Why is this feature important to you? How would it benefit the community?

It would be very useful to be able to retrieve more information from responses to llHTTPRequest(), in particular custom headers as doing so greatly reduces the need for costly processing of the HTTP body; it will also provide greater flexibility when handling connections to services over which the script author does not have control (i.e- those that do not return all required data in the HTTP body).

Original Jira Fields
Field Value
Issue BUG-40653
Summary Allow llGetHTTPHeader() in the http_response() event
Type New Feature Request
Priority Unset
Status Closed
Resolution Unactionable
Reporter Haravikk Mistral (haravikk.mistral)
Created at 2016-10-07T08:51:02Z
Updated at 2016-10-12T18:42:10Z 
{
  'Business Unit': ['Platform'],
  'Date of First Response': '2016-10-12T13:42:10.137-0500',
  'How would you like the feature to work?': "Currently the [{{llGetHTTPHeader()}}|https://wiki.secondlife.com/wiki/LlGetHTTPHeader] function is only useful within the [{{http_request()}}|https://wiki.secondlife.com/wiki/http_request] event for handling incoming requests.\r\n\r\nI'd like to propose that this method also function within the [{{http_response()}}|https://wiki.secondlife.com/wiki/http_response] event, allowing access to more of the headers returned from a request made via [{{llHTTPRequest()}}|https://wiki.secondlife.com/wiki/LlHTTPRequest].\r\n\r\nTo avoid having to do this by default, this capability could be enabled with a new {{HTTP_REQUEST_HEADERS}} flag in the {{options}} list, allowing the script to request that headers be returned ({{TRUE}}) or ignored ({{FALSE}}). Alternatively the constant could be {{HTTP_REQUEST_HEADER}} followed by a string specifying a header to retrieve from the response, with the option added multiple times to retrieve several different headers; this allows a script to minimise which headers are actually retained to only those that the script will actually use.\r\n\r\nAccessing the headers would have the same basic restrictions as for the {{http_request()}} event; the requested must match the key of the {{http_response()}} event, and headers must be retrieved within 30 seconds.",
  'ReOpened Count': 0.0,
  'Severity': 'Unset',
  'Target Viewer Version': 'viewer-development',
  'Why is this feature important to you? How would it benefit the community?': 'It would be very useful to be able to retrieve more information from responses to {{llHTTPRequest()}}, in particular custom headers or even the {{Set-Cookie}} header to allow scripts to manually handle session cookies that it finds.\r\n\r\nCurrently the only way to retrieve data in this way is to ensure the server places it in the response body, which means potentially very costly processing.',
}
@sl-service-account
Copy link
Author

Oz Linden commented at 2016-10-12T18:42:10Z

Thank you for your suggestion. We've reviewed your request and determined that it is not something we can tackle at this time.
Please be assured that we truly appreciate the time you invested in creating this feature request, and have given it thoughtful consideration among our review team. This wiki outlines some of the reasoning we use to determine which requests we can, or can't, take on: http://wiki.secondlife.com/wiki/Feature_Requests

More specifically ... There are a number of security and system integrity problems that would be associated with allowing scripts to see and manipulate the header data as described in these issues (BUG-40653, BUG-40654, BUG-40656). The intent of the existing HTTP primitives in LSL is to provide a simple transport for messaging and data access, for which they serve adequately. Building complex web applications that would need these capabilities isn't really the intent.

Thanks again for your interest in improving Second Life.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
project:BUG
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sl-service-account