-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: witness not provided for fallback on routes with an alias #3428
fix: witness not provided for fallback on routes with an alias #3428
Conversation
@@ -84,7 +84,7 @@ pub fn verify_response( | |||
|
|||
fn certified_http_request(state: &State, request: HttpRequest) -> HttpResponse { | |||
let response = state.http_request(request.clone(), &[], unused_callback()); | |||
assert!(verify_response(state, &request, &response).expect("Certificate validation failed.")); | |||
let Ok(_) = verify_response(state, &request, &response) else {panic!("Response verification failed: {:#?}", response)}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't fail the test if verify_response()
returns false.
I applied the change on line 512 to master and the test failed, as expected
I applied this change as well and the test passed, when it should have failed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also I think it would be helpful to display (panic with) the ResponseVerificationError (inside the Err
) as well as the response
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for catching that! New version reports all available information
Co-authored-by: Eric Swanson <[email protected]>
Description
The asset canister does not provide all required absence proofs when the file is not found if the folders are nested deep enough with a few present files. This PR adds the last corner case that wasn't covered before and (at least in my eyes) simplifies proof generation.
Also see original bug report below
Fixes SDK-1298
How Has This Been Tested?
Added a file to the existing test case which matches the minimal repro from the bug report. Compared against
master
and there the test does not pass with the same changes.Checklist:
asset.wasm
Original bug report:
The asset canister is not providing a witness for fallback responses on routes with an alias.
For example:
If the
/hello.html
path exists in the asset canister, then making a request against/hello/world
will return a fallback to/index.html
as expected.However, if the
/hello/index.html
path exists in the asset canister then making a request against/hello/world
will not work.This is an example tree returned in this scenario:
Response verification is failing on this tree because the lookup operation is returning
Unknown
. The lookup path that returnsUnknown
is[687474705F65787072, 68656C6C6F, , 3C2A3E]
(this translates to["http_expr", "hello", ""]
). Following that path in the tree above reaches the Pruned node withDAB792DA7FEF5FEDE38CB0DA667ED0263A2B9E0F8AF18ABD1BA0BCE344452379
as it's label. Since empty string is lower thanDAB79...
it will return absent.If the asset canister provides a witness for
["http_expr", "hello", ""]
then this should fix the issue.