dnsbty

Only get response headers with Req?

I’m currently using Req in an application, and as I’m thinking about potential security concerns, I have two scenarios in mind where I would like to check the response headers before getting the full body.

For webhooks, I really only care about the headers. If, for example, someone were to sign up and respond to my webhook request with a large payload, I would rather not load the full response payload into memory. Since all I really care about is the HTTP response status code, is it possible to get only that? I was looking at doing something like this, but wondered if there’s a better way:

resp = Req.get!(endpoint.url, into: :self)
Req.cancel_async_response(resp)

For downloading files from URLs sent to my API, I would like to check that the file size and mime type are within our expected parameters before downloading the body. Is this the best way to do that?

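resp = Req.get!(file.url, into: :self)
# get_header/2 returns a list of values, so take the first of each
mime_type = resp |> Req.Response.get_header("content-type") |> List.first()
content_length = resp |> Req.Response.get_header("content-length") |> List.first()

cond do
  mime_type not in @supported_mime_types ->
    Req.cancel_async_response(resp)
    {:error, :unsupported_file_type}

  # header values are strings, so compare as an integer (a missing header is not rejected here)
  content_length != nil and String.to_integer(content_length) > @max_file_size ->
    Req.cancel_async_response(resp)
    {:error, :file_too_big}

  true ->
    {:ok, resp.body}
end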

Thanks!

Marked As Solved

wojtekmach

Hex Core Team

I think making a HEAD request is the most straightforward. Other than that, either into: :self + cancel (though you’d probably have received some messages by then) or into: fun:

iex> Req.get!("https://httpbin.org/status/201", into: fn {:data, _data}, {req, resp} -> {:halt, {req, resp}} end)
%Req.Response{
  status: 201,
  headers: %{
    "access-control-allow-credentials" => ["true"],
    "access-control-allow-origin" => ["*"],
    "connection" => ["keep-alive"],
    "content-length" => ["0"],
    "content-type" => ["text/html; charset=utf-8"],
    "date" => ["Fri, 08 Nov 2024 19:55:52 GMT"],
    "server" => ["gunicorn/19.9.0"]
  },
  body: "",
  trailers: %{},
  private: %{}
}

wojtekmach

Hex Core Team

Oh, for checking content-type, file size, etc, I’d use into: fun too. It’s more efficient than into: :self in that it uses the socket in passive mode so you can easily halt before reading any body part.
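
The `into: fun` approach from the answers above, as an added example (not code from the thread or from Req itself): it validates status, content type and declared length before keeping any body bytes, and also caps the bytes actually read, because `content-length` can be missing or wrong. The module name, MIME allow-list and size limit are hypothetical, and it assumes Req is available as a dependency.

```elixir
defmodule GuardedDownload do
  # Hypothetical limits for this example.
  @supported_mime_types ~w(image/png image/jpeg application/pdf)
  @max_file_size 5_000_000

  # Returns {:ok, body} or {:error, reason}.
  def fetch(url) do
    # raw: true keeps the bytes as received; redirect: false keeps the checks
    # on the response from the URL that was requested.
    resp = Req.get!(url, into: &collect/2, raw: true, redirect: false)
    # An empty body never reaches collect/2, so run the checks here as well.
    case Req.Response.get_private(resp, :rejected) || check(resp, byte_size(resp.body)) do
      :ok -> {:ok, resp.body}
      {:error, _} = error -> error
    end
  end

  # Called once per body chunk; status and headers are already set on resp.
  defp collect({:data, data}, {req, resp}) do
    resp = %{resp | body: resp.body <> data}
    case check(resp, byte_size(resp.body)) do
      :ok -> {:cont, {req, resp}}
      error -> {:halt, {req, Req.Response.put_private(%{resp | body: ""}, :rejected, error)}}
    end
  end

  defp check(resp, received) do
    cond do
      resp.status != 200 -> {:error, {:unexpected_status, resp.status}}
      mime_type(resp) not in @supported_mime_types -> {:error, :unsupported_file_type}
      # Content-Length may be absent or wrong, so also cap the bytes actually read.
      max(declared_length(resp), received) > @max_file_size -> {:error, :file_too_big}
      true -> :ok
    end
  end

  # "text/html; charset=utf-8" -> "text/html"
  defp mime_type(resp) do
    case Req.Response.get_header(resp, "content-type") do
      [value | _] -> value |> String.split(";") |> hd() |> String.trim() |> String.downcase()
      [] -> nil
    end
  end

  defp declared_length(resp) do
    with [v | _] <- Req.Response.get_header(resp, "content-length"),
         {n, ""} <- Integer.parse(String.trim(v)), do: n, else: (_ -> 0)
  end
end
```

On rejection the buffered bytes are dropped and the reason is returned, so a caller never sees a partial body.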
