Gateway: Remove all form-encoded support

This causes issues, at the least, with compressed messages that 'look' like they decompressed body is form-encoded. 18385 messages in the last month rejected due to this. No actually valid form-encoded messages in that time frame.
2025-04-22 03:20:29 +03:00 · 2022-06-16 13:27:11 +01:00 · 2022-06-16 13:27:11 +01:00 · ff83ede948
commit ff83ede948
parent a6fa60431a
2 changed files with 4 additions and 38 deletions
--- a/docs/Developers.md
+++ b/docs/Developers.md
@ -127,14 +127,13 @@ The body of an EDDN message is a JSON object in UTF-8 encoding.  If you do not
 compress this body then you MUST set a `Content-Type` header of
 `applicaton/json`.

-For historical reasons URL form-encoded data *is* supported, **but this is
-deprecated and no new software should attempt this method**.  We
-purposefully do not further document the exact format for this.
-
 You *MAY* use gzip compression on the body of the message, but it is not
 required.  If you do compress the body then you **MUST* send a `Content-Type`
 header of `gzip` instead of `application/json`.

+**Due to issues when messages are compressed, form-encoded data is NO LONGER
+SUPPORTED as of 2022-06-16.**
+
 You should be prepared to handle all scenarios where sending of a message
 fails:

--- a/src/eddn/Gateway.py
+++ b/src/eddn/Gateway.py
@ -9,7 +9,6 @@ import gevent
 import hashlib
 import logging
 import simplejson
-import urlparse
 import zlib
 import zmq.green as zmq
 from datetime import datetime
@ -167,42 +166,10 @@ def get_decompressed_message():
            message_body = zlib.decompress(request.body.read(), -15)
            logger.debug('Resulting message_body:\n%s\n' % (message_body))

-        # At this point, we're not sure whether we're dealing with a straight
-        # un-encoded POST body, or a form-encoded POST. Attempt to parse the
-        # body. If it's not form-encoded, this will return an empty dict.
-        form_enc_parsed = urlparse.parse_qs(message_body)
-        if form_enc_parsed:
-            logger.info('Request is form-encoded, compressed, from %s' % (get_remote_address()))
-            # This is a form-encoded POST. The value of the data attrib will
-            # be the body we're looking for.
-            try:
-                message_body = form_enc_parsed['data'][0]
-
-            except (KeyError, IndexError):
-                logger.error('form-encoded, compressed, upload did not contain a "data" key. From %s', get_remote_address())
-                raise MalformedUploadError(
-                    "No 'data' POST key/value found. Check your POST key "
-                    "name for spelling, and make sure you're passing a value."
-                )
-
-        else:
-            logger.debug('Request is *NOT* form-encoded')
-
    else:
        logger.debug('Content-Encoding indicates *not* compressed...')

-        # Uncompressed request. Bottle handles all of the parsing of the
-        # POST key/vals, or un-encoded body.
-        data_key = request.forms.get('data')
-        if data_key:
-            logger.info('Request is form-encoded, uncompressed, from %s' % (get_remote_address()))
-            # This is a form-encoded POST. Support the silly people.
-            message_body = data_key
-
-        else:
-            logger.debug('Plain POST request detected...')
-            # This is a non form-encoded POST body.
-            message_body = request.body.read()
+        message_body = request.body.read()

    return message_body