Truncate User Agent to 255 Chars before going into DB

Open connorwinston opened this issue 2 years ago • 4 comments

Scope

What's changed:

  • Truncate the User-Agent everywhere that it is saved in the API.

Potential Risks / Drawbacks

  • User-Agents over 255 characters will not be complete.

Review Notes / Questions

  • None

Fixes #19642

connorwinston avatar Jan 17 '24 16:01 connorwinston

⚠️ No Changeset found

Latest commit: e3238d4a50df4fb3e78f1dc0437fad8b06342c64

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


changeset-bot[bot] avatar Jan 17 '24 16:01 changeset-bot[bot]

User agents should never be used for actual logic anyway, so I wouldn't call it a "risk" ;) They're just a reference value that can easily be changed/mocked/spoofed.

br41nslug avatar Jan 17 '24 16:01 br41nslug

> User agents should never be used for actual logic anyway, so I wouldn't call it a "risk" ;) They're just a reference value that can easily be changed/mocked/spoofed.

Correct, it's more of a small drawback that some info might be incomplete. But we cannot guarantee to store the full header anyway, even if we use a bigger field size, as the header itself has no official limit 😅

paescuj avatar Jan 17 '24 16:01 paescuj

Wouldn't it be sufficient to only truncate it inside the activity service, where the object is actually getting persisted?

https://github.com/directus/directus/blob/70de6168b880470c5aebc9cd7ff07b9816e4ef84/api/src/services/activity.ts#L30

Not really, because insertion of user_agent into the database happens in ActivityService.CreateOne, ItemService.CreateMany, and then also knex.insert. There really isn't a consistent place to intercept the user_agent in one spot.

connorwinston avatar Jan 17 '24 17:01 connorwinston
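The thread above notes that the User-Agent is persisted from several call paths, so a single bounding helper that each of them calls is the practical shape of the fix. The following is an added example, not Directus code: it assumes a character-counted 255-character column and trims on Unicode code points so a multi-unit character at the boundary is never split into a lone surrogate.

```typescript
// Added example (not part of the Directus PR): bound an untrusted User-Agent
// header before it reaches a column limited to 255 characters.
// Assumption: the column counts characters (code points), not bytes, so the
// cap is applied per code point rather than per UTF-16 unit or per UTF-8 byte.

const USER_AGENT_MAX_LENGTH = 255;

/** Normalise the raw header value: Node may hand back a string, an array, or undefined. */
function normalizeUserAgent(raw: string | string[] | undefined): string | null {
  if (raw === undefined) return null;
  const value = Array.isArray(raw) ? raw.join(', ') : raw;
  const trimmed = value.trim();
  return trimmed.length === 0 ? null : trimmed;
}

/** Count Unicode code points, the unit a character-counted VARCHAR uses. */
function codePointLength(s: string): number {
  return Array.from(s).length;
}

/**
 * Truncate the header to at most `max` code points. Because the cut happens
 * on code points, an emoji or other astral character at the boundary is kept
 * whole or dropped whole, never half-stored as an unpaired surrogate.
 * Returns null when no usable header was supplied, so callers can store NULL.
 */
function truncateUserAgent(
  raw: string | string[] | undefined,
  max: number = USER_AGENT_MAX_LENGTH,
): string | null {
  const ua = normalizeUserAgent(raw);
  if (ua === null) return null;
  const codePoints = Array.from(ua); // splits on code points, not UTF-16 units
  if (codePoints.length <= max) return ua;
  return codePoints.slice(0, max).join('');
}
```

If the target column is byte-limited instead (for example a UTF-8 VARCHAR counted in bytes), the same helper would need to measure encoded bytes rather than code points before cutting.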