My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 2436: REST API: Use gzip format for get patch
1 person starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by P4R4N01...@gmail.com, Jan 28, 2014
The endpoint for 'Get Patch' (GET /changes/{change-id}/revisions/{revision-id}/patch) can have a query parameter 'zip' as per the documentation: "Adding query parameter zip (for example /changes/.../patch?zip) returns the patch as a single file inside of a ZIP archive."

Why does this return a ZIP archive if there is always only going to be one file inside? Wouldn't gzip compression be more suited? I have read that both methods use similar encoding, with zip supporting multiple files, but not sure if there would be any size reduction over using one method compared to the other. Using gzip would be more friendly to the client as library functions to interact with gzip libraries (rightly) only assume one file.
Jan 29, 2014
Project Member #1 David.Os...@gmail.com
Looks like we could add gzip compression in addition or just replace zip with gzip in [1].

[1] https://gerrit.googlesource.com/gerrit/+/master/gerrit-server/src/main/java/com/google/gerrit/server/change/GetPatch.java
Status: Accepted
Jan 29, 2014
Project Member #2 edwin.ke...@gmail.com
Please keep in mind that zipping is not only done for compressing the content, but it's also a security feature. E.g. A single file is download as zip so that the browser can't try to execute it.
Jan 29, 2014
Project Member #3 David.Os...@gmail.com
Good point, so we should't change it then.
Status: New
Jan 29, 2014
Project Member #4 edwin.ke...@gmail.com
Maybe Shawn can comment on this.
Jan 29, 2014
#5 P4R4N01...@gmail.com
@Edwin: I am suggesting to use the Gzip compression method either instead of or in addition to using zip compression to download a file (I was originally thinking using gzip instead of zip compression, but don't mind if it is an extra option). I am all for compressing the diff/content here, largely so it reduces download for the client but also the extra security you mentioned. I don't think it would be any easier for the browser to extract the gzip archive and try to execute its contents than to extract the zip file and try to execute the first file it extracted (the only one in this case).
Jan 29, 2014
Project Member #6 edwin.ke...@gmail.com
I'm not against this, I'm just saying to keep the security aspect in mind.

I've now also found the comment from Shawn about this:
  https://groups.google.com/d/msg/repo-discuss/h7Bvgns5cyY/0-R39qin51UJ
Sign in to add a comment

Powered by Google Project Hosting