Subject: Re: [boost] [http] Formal review of Boost.Http
From: Tom Kent (lists_at_[hidden])
Date: 2015-08-15 08:19:37
On Sat, Aug 15, 2015 at 5:16 AM, VinÃcius dos Santos Oliveira <
> 2015-08-14 19:42 GMT-03:00 Tom Kent <lists_at_[hidden]>:
> > Some more that seem important, but I'm not sure:
> > * Cookies - this seems like a pretty basic server functionality. Is this
> > hard thing to add?
> Cookies by themself are not so useful. You usually will want a session
> abstraction. A good session abstraction is tricky to get. Dynamic languages
> have the freedom to replace/inject anything they want, so they almost
> always get the features. If you aren't careful, you'll end up with two
> APIs, one for server-side data sessions and client-side data sessions. And
> there other points to study (different session backends like DB-baked,
I guess that's where my lack of understanding of the subject matter comes
in. I just assumed that the http layer would simply provide the cookies for
a request, then the application's layer would handle making sessions.
> * Forms/File Uploads - Does this imply that it doesn't support POST? I feel
> > like the initial implementation should at least support GET & POST.
> POST is supported, but if you handle the message format used by web
> browsers, you'll have to parse the body yourself. A parser for forms and
> file uploads should be added to ease our lives.
This *must* be explained in the documentation!
> [...] supporting TLS (is this a feature?
> > If not this would be a show-stopper) [...]
> Yes, TLS is supported.
> I even tried to advertise on the front page:
I now see the introduction that says something like 'SSL is supported'.
This needs to be seriously expanded in the documentation. At the very
minimum there should be an example showing how to setup a TLS connection.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk