Skip to content

Update HttpxBroker to protocol 0.3 query semantics#7

Merged
koishore merged 1 commit into
mainfrom
fix/broker-0.3-query
Jun 10, 2026
Merged

Update HttpxBroker to protocol 0.3 query semantics#7
koishore merged 1 commit into
mainfrom
fix/broker-0.3-query

Conversation

@koishore

Copy link
Copy Markdown
Member

The sample app's HttpxBroker still refused all query strings — the 0.2.3 interim confused-deputy defense. As of delego 0.3 that's over-strict: the query is folded into the action_fingerprint, so /orders?to=me and /orders?to=attacker are different authorised actions and the broker should forward the query of the one it was given.

Changes

  • app/broker.py: refuse on has_fragment (not has_query); forward via fingerprinted_url, which since 0.3 includes the query. Matches delego's shipped NullBroker/HTTPProxyBroker. Accepts the optional token= kwarg (the §9 profile; an in-process broker trusts the decision and doesn't verify — a separated gateway would, via delego.verify_token).
  • app/main.py: the BrokerRefusal handler comment now says #fragment, not query string.
  • requirements.txt: delego>=0.3.0 (needs has_fragment + the query-bearing fingerprinted_url).
  • tests/test_broker.py (new): query forwarded, fragment refused (nothing sent), clean action sent, token kwarg accepted — httpx client stubbed, no network.

Verification

pytest -q green (11 tests: 4 new + 7 existing) against the published delego 0.3.3.

The sample broker still refused ALL queries (the 0.2.3 interim defense),
now over-strict: since 0.3 the query is folded into the action fingerprint,
so it is part of the authorised action. The broker now forwards the
fingerprint-bound query (fingerprinted_url already includes it) and refuses
only a URL #fragment (has_fragment) — matching delego's shipped NullBroker
and HTTPProxyBroker. Accepts the optional §9 token kwarg (in-process broker
trusts the decision; a separated gateway would verify). requirements: delego
>= 0.3.0. New tests/test_broker.py: query forwarded, fragment refused, clean
sent, token accepted.
@koishore koishore merged commit 2ab1a64 into main Jun 10, 2026
3 checks passed
@koishore koishore deleted the fix/broker-0.3-query branch June 10, 2026 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant