You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While developing with the dio library, I encountered an issue related to FormData cloning. This problem arises in scenarios where request body signing is required.
The core of the issue lies in the clone() method of FormData. The current implementation generates a new boundary during the cloning process, resulting in inconsistent boundaries between the cloned object and the original object. This inconsistency causes problems in certain scenarios, particularly when request body signature verification is needed.
Specifically, my workflow is as follows:
Create a FormData object
Clone the object
Use the readAsBytes() method of the cloned object to generate a request signature
However, because the cloned object's boundary differs from the original, the generated signature does not match the actual sent data, ultimately leading to signature verification failure.
This issue highlights the importance of maintaining FormData clone consistency in certain use cases. Especially in scenarios involving data integrity and security, ensuring that the cloned object is identical to the original is crucial.
Solution Brainstorm
To address this issue, I've implemented a custom solution using a CustomizableFormData class. This class extends FormData and allows for a custom boundary to be set. Here's the implementation:
I've also created a custom method to clone FormData objects while preserving the boundary:
FormDatacloneFormData(FormData origin) {
final clone =CustomizableFormData(origin.boundary);
// copy from FormData
clone.fields.addAll(origin.fields);
for (final file in origin.files) {
clone.files.add(MapEntry(file.key, file.value.clone()));
}
return clone;
}
While the above solution works for my specific use case, I believe a more general solution could be beneficial for the dio library. I propose modifying the clone() method in the FormData class to include an optional parameter for preserving the boundary:
FormDataclone({bool cloneBoundary =false})
This would allow users to choose whether they want to maintain the original boundary when cloning a FormData object, providing more flexibility while addressing the issue of signature verification.
I acknowledge that my programming skills may not be at an expert level. However, if the maintainers of the dio library find this proposal valuable, I would be willing to attempt submitting a pull request with the necessary changes.
Lastly, I want to express my sincere gratitude to the maintainers and contributors of the dio library. Your outstanding work has greatly benefited the developer community, and I appreciate the opportunity to contribute to its improvement.
The text was updated successfully, but these errors were encountered:
Sounds good, should this actually be the default behavior?
Yeah it should be considered as a bug fix, then we don't even need that argument. FYI @helloliuyiming
I have addressed this as a bug fix and submitted a pull request (#2305). Please review it when you have a chance. Let me know if you need any additional information or changes.
Request Statement
While developing with the dio library, I encountered an issue related to FormData cloning. This problem arises in scenarios where request body signing is required.
The core of the issue lies in the clone() method of FormData. The current implementation generates a new boundary during the cloning process, resulting in inconsistent boundaries between the cloned object and the original object. This inconsistency causes problems in certain scenarios, particularly when request body signature verification is needed.
Specifically, my workflow is as follows:
Create a FormData object
Clone the object
Use the readAsBytes() method of the cloned object to generate a request signature
However, because the cloned object's boundary differs from the original, the generated signature does not match the actual sent data, ultimately leading to signature verification failure.
This issue highlights the importance of maintaining FormData clone consistency in certain use cases. Especially in scenarios involving data integrity and security, ensuring that the cloned object is identical to the original is crucial.
Solution Brainstorm
To address this issue, I've implemented a custom solution using a CustomizableFormData class. This class extends FormData and allows for a custom boundary to be set. Here's the implementation:
I've also created a custom method to clone FormData objects while preserving the boundary:
While the above solution works for my specific use case, I believe a more general solution could be beneficial for the dio library. I propose modifying the
clone()
method in theFormData
class to include an optional parameter for preserving the boundary:This would allow users to choose whether they want to maintain the original boundary when cloning a FormData object, providing more flexibility while addressing the issue of signature verification.
I acknowledge that my programming skills may not be at an expert level. However, if the maintainers of the dio library find this proposal valuable, I would be willing to attempt submitting a pull request with the necessary changes.
Lastly, I want to express my sincere gratitude to the maintainers and contributors of the dio library. Your outstanding work has greatly benefited the developer community, and I appreciate the opportunity to contribute to its improvement.
The text was updated successfully, but these errors were encountered: