generate boundary with token_hex#2702
Conversation
starlette/responses.py
Outdated
| send_header_only: bool, | ||
| ) -> None: | ||
| boundary = "".join(random_choices("abcdefghijklmnopqrstuvwxyz0123456789", k=13)) | ||
| boundary = token_hex(20) |
There was a problem hiding this comment.
just A random number I picked. len(boundary) is actually 40 now
There was a problem hiding this comment.
According to the specification, this value can be between 1 and 70. But is 40 too long?
There was a problem hiding this comment.
>96 bits of entropy is recommended so only 13 bytes is needed
There was a problem hiding this comment.
There was a problem hiding this comment.
@trim21 Can we drop the number a bit so I can include this on the next release?
There was a problem hiding this comment.
Yep. Maybe we can add a comment about the choice, to avoid future confusion/questions?
There was a problem hiding this comment.
96 bits of entropy is recommended so only 13 bytes is needed
where does this recommendation comes from?
There was a problem hiding this comment.
whatwg/html#6424 (comment)
https://andreubotella.github.io/multipart-form-data/#serializing
https://github.com/andreubotella/multipart-form-data/blob/main/index.bs#L32
Also I misremembered the recommendation it's 95 bits, so 12 bytes would be sufficient
abersheeran
left a comment
There was a problem hiding this comment.
Elegant modification.
Summary
Checklist