On Sat, Sep 18, 2021 at 07:24:28PM -0400, Neal Gompa wrote: > On Sat, Sep 18, 2021 at 3:55 PM Demi Marie Obenour > <demiobenour@xxxxxxxxx> wrote: > > > > On 9/18/21 3:10 AM, Mattia Verga via devel wrote: > > > On 17/09/21 14:07, Ben Cotton wrote: > > >> I'm passing along a lightly-edited announcement from the Red Hat > > >> Bugzilla admins. You may have noticed this change already. The short > > >> version is that the search API now defaults to returning 20 bugs, but > > >> authenticated calls can request up to 1000. > > >> > > > Is there a safe way to authenticate a jquery ajax call without exposing > > > the api token? > > > > > > Background: Bodhi uses a javascript call to populate the list of bugs > > > associated to a package when creating a new update in the web UI form. > > > For some packages this is now broken (for example, kernel package has > > > over a thousand bugs, but as now Bodhi form will only show the first 20). > > > > > > I know that authentication to Bugzilla REST service can be done by > > > sending an Authentication header in the request. But adding that to > > > javascript code wouldn't mean to expose the API token to all? I'm a bit > > > confused how to accomplish that. At the moment, Bodhi uses no > > > authentication at all, but that would mean to fetch bugs by steps of 20 > > > (and for some packages this is way too small as it would end in sending > > > **a lot** of requests). > > > > Can the requests be performed concurrently? With HTTP/2 > > and HTTP/3, sending lots of concurrent requests is cheap. > > > > That may cause problems server-side, though. None of our services are > HTTP/2 or HTTP/3 aware/optimized, so they will not be prepared for the > load. Well, bugzilla.redhat.com does appear to use http/2. (since I am not sure when). Of course you making lots of requests at once is no indicator that the server is able to process lots of your requests at once. ;) kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
