glm-5.1
f9d7b8112b
Break down findings from review #002 into dependency-ordered fix tasks: Critical/High: - fix/acme-contact-and-challenge (C1+C2): Add acme_contact field, wire to ACME, remove unused challenge_config, add validation rule 19 - fix/remove-health-and-hardcode-https (W5+W14+ADR-022): Remove /health from main listener, hardcode X-Forwarded-Proto to https - fix/config-reload-static-drift (C4): Use ArcSwap<StaticConfig> so reload diffs against last config, not startup config - fix/access-logging (W13): Wire up log_request! macro for every proxied request with client_ip, host, method, path, status, upstream, duration_ms Medium: - fix/graceful-shutdown (W1+W7): Join HTTPS tasks with timeout instead of abort, add shutdown signal to admin socket and eviction task - fix/connect-timeout (W4): Wire upstream_connect_timeout_secs to enforce separate connect timeout Low/Independent: - fix/token-bucket-nanosecond (W6): Use as_nanos() instead of as_millis() - fix/normalize-host-ipv6 (S3): Handle IPv6 bracket notation in normalize_host - fix/http-port-validation (S1): Validate http_port in range 0 or 1-65535 - fix/integration-test-toml (S10): Fix double-nested listeners.listeners.sites - fix/logging-test-global-subscriber (W9): Use try_init() to avoid test conflicts - fix/fragile-error-detection (W3): Add typed error matching or documented string match - fix/add-code-comments (C3,W8,W10,W11,S9): Document correct-but-non-obvious behaviors - fix/request-timeout-scope (S8): Document full-request timeout scope - fix/clean-dead-code (S4+S2): Remove dead_code annotations, add #[non_exhaustive] Review gate: - review/post-fix-review: Verify all fixes against architecture spec
50 lines
1.7 KiB
Markdown
50 lines
1.7 KiB
Markdown
---
|
|
id: fix/request-timeout-scope
|
|
name: Document request timeout scope and add Server header removal comment
|
|
status: pending
|
|
depends_on: []
|
|
scope: single
|
|
risk: trivial
|
|
impact: isolated
|
|
level: implementation
|
|
review_findings: [S8]
|
|
---
|
|
|
|
## Description
|
|
|
|
Review finding S8 notes that the request timeout applies to the entire HTTP exchange, not just the connection or first-byte response. For large file downloads or slow upstreams, this means a 60-second timeout kills the response even if the upstream is actively sending data.
|
|
|
|
The review marks this as "acceptable for Phase 1" and the timeout name (`upstream_request_timeout_secs`) is documented as applying to the full request. However, the code should clearly document this behavior so it's not surprising.
|
|
|
|
### Changes Required
|
|
|
|
**`src/proxy/handler.rs`**:
|
|
- Add a comment above the timeout wrapping in `proxy_handler`:
|
|
```rust
|
|
// The timeout covers the entire HTTP round-trip including response body
|
|
// streaming. For large file downloads or slow upstreams, this means the
|
|
// timeout kills the response even if the upstream is actively sending data.
|
|
// A more precise timeout would apply only to connect + first-byte, then
|
|
// stream the body without a timeout. The `upstream_connect_timeout_secs`
|
|
// field in SiteConfig exists for a separate connect timeout (see W4).
|
|
// For Phase 1, this full-request timeout is acceptable.
|
|
```
|
|
|
|
## Acceptance Criteria
|
|
|
|
- [ ] Comment documents the timeout scope
|
|
- [ ] No code behavior change
|
|
- [ ] `cargo clippy` passes with no warnings
|
|
|
|
## References
|
|
|
|
- docs/reviews/002-implementation-review.md — S8 finding
|
|
- src/proxy/handler.rs — timeout wrapping
|
|
|
|
## Notes
|
|
|
|
> To be filled by implementation agent
|
|
|
|
## Summary
|
|
|
|
> To be filled on completion |