wisp icon indicating copy to clipboard operation
wisp copied to clipboard
verified publisher icon gleam-wisp

Not enforcing secret key base size in handler definition

Open m4reko opened this issue 2 months ago • 2 comments

I noticed that appropriate size of the secret_key_base is ensured in set_secret_key_base but not when creating a wisp_mist.handler. Is this intentional for some reason?

m4reko avatar Oct 16 '25 20:10 m4reko

Hello! What behaviour did you have in mind?

lpil avatar Nov 02 '25 11:11 lpil

This runs fine:

pub fn main() {
  let too_short_key_base = wisp.random_string(63)
  wisp_mist.handler(fn(_) { wisp.html_response("", 200) }, too_short_key_base)
}

But this panics:

pub fn main() {
  let request = simulate.request(http.Get, "/")
  let too_short_key_base = wisp.random_string(63)
  wisp.set_secret_key_base(request, too_short_key_base)
}

My assumption was that the first example would panic as well.

m4reko avatar Nov 02 '25 22:11 m4reko