当WSGI应用在使用environ ['wsgi.input']:前做出响应时,发生TCP连接重置
问题说明
对于我们的Web服务,我写了一些逻辑来防止multipart/form-data POST大于4mb.
For our webservice, I wrote some logic to prevent multipart/form-data POSTs larger than, say, 4mb.
它归结为以下内容(我剥离了所有WebOb用法,只是将其简化为普通的WSGI代码):
It boils down to the following (I've stripped away all WebOb usage and just reduced it to plain vanilla WSGI code):
import paste.httpserver
form = """\
<html>
<body>
<form method="post" enctype="multipart/form-data" action="/">
<input type="file" name="photopicker" />
<input type="submit" />
</form>
</body>
</html>
"""
limit = 4 * 1024 * 1024
def upload_app(environ, start_response):
if environ['REQUEST_METHOD'] == 'POST':
if int(environ.get('CONTENT_LENGTH', '0')) > limit:
start_response('400 Ouch', [('content-type', 'text/plain')])
return ["Upload is too big!"]
# elided: consume the file appropriately
start_response('200 OK', [('content-type', 'text/html')])
return [form]
paste.httpserver.serve(upload_app, port=7007)
所示的逻辑在进行单元测试时正确运行.但是,当我尝试向该端点发送大于4mb的实际文件时,在客户端出现了类似以下错误:
The logic shown works right when unit tested. But as soon as I tried sending actual files larger than 4mb to this endpoint, I got errors like these on the client side:
Error 101 (net::ERR_CONNECTION_RESET): Unknown error.来自Google Chrome浏览器
Firefox中的
The connection to the server was reset while the page was loading.
Error 101 (net::ERR_CONNECTION_RESET): Unknown error.from Google ChromeThe connection to the server was reset while the page was loading.from Firefox
使用Python内置的wsgiref HTTP服务器时发生相同的错误.
Same error occurs when using Python built-in wsgiref HTTP server.
事实:在我用HTTP 400响应之前添加environ['wsgi.input'].read()之后,连接重置问题就消失了.当然,这不是一个好的解决方案.它只是显示当您完全消耗输入时会发生什么.
Fact: once I added environ['wsgi.input'].read() just before responding with HTTP 400, the connection reset problem went away. Of course, this is not a good fix. It just shows what happens when you fully consume the input.
我仔细阅读了 HTTP:权威指南,并发现了一些有趣的指南,说明它对管理的重要性实施HTTP服务器和客户端时,请仔细进行TCP连接.它继续说明如何而不是close -ing套接字,而是更喜欢执行shutdown,以便客户端有机会做出反应并停止向服务器发送更多数据.
I perused HTTP: The Definitive Guide and found some interesting guidelines on how it was important to mangage TCP connections carefully when implementing HTTP servers and clients. It went on about how, instead of close-ing socket, it was preferred to do shutdown, so that the client had chance to react and stop sending more data to server.
也许我缺少一些关键的实现细节,这些细节阻止了这种连接重置.有见识的人吗?
Perhaps I am missing some crucial implementation detail that prevents such connection resets. Insights anyone?
请参见要点.
正确答案
之所以发生这种情况,是因为您在不读取输入流的情况下不读取它而将其关闭.浏览器已经将要发送的文件中的很大一部分排队,然后由于服务器强行关闭连接而收到写入错误.
This is happening because you are discarding the input stream without reading it, and this is forcing it closed. The browser has queued up a good portion of the file to be sent already and then it gets a write error because the server closes the connection forcefully.
不了解所有输入内容,这是我所不知道的.
There is no way around this that I know of without reading all the input.
我建议您使用一些Javascript来测试文件的大小,然后再发送文件.然后唯一会出错的人就是那些因为没有Javascript或有意试图恶意而忽略客户端检查的人.
I would recommend some Javascript to test the size of the file before it is sent. Then the only people who get the error are those who are ignoring the client-side check because they don't have Javascript or because they are purposefully trying to be malicious.
这篇好文章是转载于:学新通技术网
