Post AdZPC4OUBkUGmJu9h2 by phoe@functional.cafe
 (DIR) Post #AdZPC4OUBkUGmJu9h2 by phoe@functional.cafe
       2024-01-06T13:01:54Z
       
       0 likes, 0 repeats
       
       Hey look, a real-life case of internbombing - or, why letting people write arbitrary stuff into your keyword package is a bad idea. https://github.com/edicl/drakma/issues/140 #commonlisp #lisp #trivia
       
 (DIR) Post #AdZPC5MOb0PRm7w04e by galdor@emacs.ch
       2024-01-06T13:11:52Z
       
       0 likes, 0 repeats
       
       @phoe Wait, Drakma interns header field names by default? This is both bad for security (symbol exhaustion) and because it removes information from the response. Yes, header field names are supposed to be case insensitive, but also yes, some systems rely on the case, and being able to reproduce exactly the response can be useful.
       
 (DIR) Post #AdZeMrxMGnS8hZp7dw by zyd@emacs.ch
       2024-01-06T16:01:55Z
       
       0 likes, 0 repeats
       
       @galdor @phoe yeah... could use nginx to work around the bad security (be explicit in what headers you allow) https://github.com/edicl/hunchentoot/issues/24#issuecomment-1256467200