Feedback for new user agent timeout needed

48 views
Skip to first unread message

Sebastian Riedel

unread,
Jan 20, 2012, 2:29:09 PM1/20/12
to mojol...@googlegroups.com
I know a timeout like this has been requested a few times, but i'm not so sure about the actual implementation. So i'd really like to hear some feedback, chances for it getting removed again are pretty high at the moment.

https://github.com/kraih/mojo/commit/d19d7aee330aa0e823ddc7560a8a63cc01c3f713#L2R775

--
Sebastian Riedel
http://twitter.com/kraih
http://mojolicio.us


sri

unread,
Jan 21, 2012, 8:53:31 AM1/21/12
to Mojolicious
Latest version of the description should make it a bit easier to grok.

http://mojolicio.us/perldoc/Mojo/UserAgent#request_timeout

Michael Ludwig

unread,
Jan 21, 2012, 9:56:34 AM1/21/12
to Mojolicious
sri schrieb am 21.01.2012 um 05:53 (-0800):
> Latest version of the description should make it a bit easier to grok.
>
> http://mojolicio.us/perldoc/Mojo/UserAgent#request_timeout

What about LWPx::ParanoidAgent for guidance/inspiration/reuse?

https://metacpan.org/module/LWPx%3A%3AParanoidAgent

Michael

Sebastian Riedel

unread,
Jan 21, 2012, 10:00:26 AM1/21/12
to mojol...@googlegroups.com
> What about LWPx::ParanoidAgent for guidance/inspiration/reuse?

What about it?

Michael Ludwig

unread,
Jan 21, 2012, 10:08:25 AM1/21/12
to mojol...@googlegroups.com
Sebastian Riedel schrieb am 21.01.2012 um 16:00 (+0100):
> > What about LWPx::ParanoidAgent for guidance/inspiration/reuse?
>
> What about it?

Well, you wrote: "I know a timeout like this has been requested a few
times, but i'm not so sure about the actual implementation." Where by
"like this" you seem to refer to "Maximum amount of time in seconds
sending the request and receiving the whole response may take before
getting canceled" as in the POD pointer you gave. So I thought I'd point
you to LWPx::ParanoidAgent, which I think does just that, and would be
relevant for guidance/inspiration/reuse. But maybe I got you wrong.

Michael

Sebastian Riedel

unread,
Jan 21, 2012, 10:22:26 AM1/21/12
to mojol...@googlegroups.com
> So I thought I'd point you to LWPx::ParanoidAgent, which I think does just that, and would be
> relevant for guidance/inspiration/reuse. But maybe I got you wrong.


What exactly do you think we should be guided/inspired by or reuse?

sri

unread,
Jan 21, 2012, 10:43:07 AM1/21/12
to Mojolicious
I'll just take the confusion about this feature as a vote against it.

Michael Ludwig

unread,
Jan 21, 2012, 11:03:30 AM1/21/12
to mojol...@googlegroups.com
Sebastian Riedel schrieb am 21.01.2012 um 16:22 (+0100):
> > So I thought I'd point you to LWPx::ParanoidAgent, which
> > I think does just that, and would be relevant for
> > guidance/inspiration/reuse. But maybe I got you wrong.
>
> What exactly do you think we should be guided/inspired by or reuse?

Guess this was pretty clear in my last mail, wasn't it:

Well, you wrote: "I know a timeout like this has been requested a
few times, but i'm not so sure about the actual implementation."
Where by "like this" you seem to refer to "Maximum amount of time
in seconds sending the request and receiving the whole response
may take before getting canceled" as in the POD pointer you gave.

With regard to the timeout issue, compare:

This class protects you from connecting to internal IP ranges
(unless you whitelist them), hostnames/IPs that you blacklist,
remote webserver tarpitting your process (the timeout parameter
is changed to be a global timeout over the entire process), and
all combinations of redirects and DNS tricks to otherwise tarpit
and/or connect to internal resources.

https://metacpan.org/module/LWPx%3A%3AParanoidAgent

That bit of doc is misunderstandable in that the phrase "over the
entire process" might be taken to mean a process-wide timeout such
as offered by alarm(), which is not what the module does. Rather,
the wording could have been "over the whole request/response cycle".

So going back to *your* POD bit ("Maximum amount of time in seconds


sending the request and receiving the whole response may take

before getting canceled, defaults to 0."), it seems you're dealing
with the same problem, which is why the LWPx::ParanoidAgent attempt
could be thought to be of interest to you as you're asking for
feedback about the issue on this list.

Now if this hasn't clarified the issue, dann bin ich mit meinem
Latein am Ende.

Michael

Sebastian Riedel

unread,
Jan 21, 2012, 11:12:20 AM1/21/12
to mojol...@googlegroups.com
> Now if this hasn't clarified the issue, dann bin ich mit meinem
> Latein am Ende.


Ok, i think i get it now, you're basically expecting protection from malicious hosts. I was afraid it might give that impression, request_timeout was just meant as a helper for interacting with friendly backend web services that take a little too long.

sri

unread,
Jan 21, 2012, 11:33:20 AM1/21/12
to Mojolicious
And it's gone again.

https://github.com/kraih/mojo/commit/508cb2ab539d32a90f6a83d2a057decbfc5d14db

kitt kitt

unread,
Jan 21, 2012, 11:59:47 AM1/21/12
to mojol...@googlegroups.com


2012/1/22 sri <kra...@googlemail.com>
And it's gone again.'

Why? May be not much people using Mojo read this group, but they found this method usefull. Later.

sri

unread,
Jan 21, 2012, 12:06:48 PM1/21/12
to Mojolicious
> Why? May be not much people using Mojo read this group, but they found this
> method usefull. Later.

If i'm not convinced of a feature i ask for feedback on this list and/
or IRC, if it's not positive the feature doesn't make it into a
release for wider exposure.

--
sebastian

sri

unread,
Jan 21, 2012, 12:25:44 PM1/21/12
to Mojolicious
Just to be clear, this doesn't mean it has to be gone forever, you're
welcome to speak up in favor of it in this thread or open a ticket at
https://github.com/kraih/mojo/issues?sort=created&direction=desc&state=open.

--
sebastian

Roland Lammel

unread,
Jan 21, 2012, 1:01:48 PM1/21/12
to mojol...@googlegroups.com

For me it seems confusion is mostly coming from what actually is meant by the timeout.

I found the explaination very good and to the point, although my initial impression when reading request timeout was: Request timeout limits the time for the final response from the server adter the request has been sent. Redirects will not reset the timer, so you can expect your content to be available in the response or the request being canceled and an error is thrown.

Only difference would be the timeout is actually not reset for redirects, which i personally wozld prefer. It's usually the content im interested to receive "in time".

So i would vote for having a timeout built in. But woild like to see more votes.

+rl

Roland Lammel
Sent from an Android mobile.

--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To post to this group, send email to mojol...@googlegroups.com.
To unsubscribe from this group, send email to mojolicious...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/mojolicious?hl=en.

Sebastian Riedel

unread,
Jan 21, 2012, 1:06:53 PM1/21/12
to mojol...@googlegroups.com
> Only difference would be the timeout is actually not reset for redirects, which i personally wozld prefer. It's usually the content im interested to receive "in time".


This would be very very hard to implement and is very likely to interfere with our real-time features.

sri

unread,
Jan 21, 2012, 1:27:03 PM1/21/12
to Mojolicious
And it's back since the other core-devs voted in favor of it. :)

https://github.com/kraih/mojo/commit/0ee2405f8701271132b58cc05ce4d68a1fd3ecd9

sri

unread,
Jan 24, 2012, 2:53:38 PM1/24/12
to Mojolicious
The timeout has been improved again and now also covers establishing a
connection.

https://github.com/kraih/mojo/commit/ebb6741e0e72133467b58ecdd022d06d5cdcd654#L0R778
Reply all
Reply to author
Forward
0 new messages