On Sat, Sep 18, 2021 at 07:24:28PM -0400, Neal Gompa wrote:
On Sat, Sep 18, 2021 at 3:55 PM Demi Marie Obenour
<demiobenour(a)gmail.com> wrote:
>
> On 9/18/21 3:10 AM, Mattia Verga via devel wrote:
> > On 17/09/21 14:07, Ben Cotton wrote:
> >> I'm passing along a lightly-edited announcement from the Red Hat
> >> Bugzilla admins. You may have noticed this change already. The short
> >> version is that the search API now defaults to returning 20 bugs, but
> >> authenticated calls can request up to 1000.
> >>
> > Is there a safe way to authenticate a jquery ajax call without exposing
> > the api token?
> >
> > Background: Bodhi uses a javascript call to populate the list of bugs
> > associated to a package when creating a new update in the web UI form.
> > For some packages this is now broken (for example, kernel package has
> > over a thousand bugs, but as now Bodhi form will only show the first 20).
> >
> > I know that authentication to Bugzilla REST service can be done by
> > sending an Authentication header in the request. But adding that to
> > javascript code wouldn't mean to expose the API token to all? I'm a
bit
> > confused how to accomplish that. At the moment, Bodhi uses no
> > authentication at all, but that would mean to fetch bugs by steps of 20
> > (and for some packages this is way too small as it would end in sending
> > **a lot** of requests).
>
> Can the requests be performed concurrently? With HTTP/2
> and HTTP/3, sending lots of concurrent requests is cheap.
>
That may cause problems server-side, though. None of our services are
HTTP/2 or HTTP/3 aware/optimized, so they will not be prepared for the
load.
Well,
bugzilla.redhat.com does appear to use http/2. (since I am not
sure when).
Of course you making lots of requests at once is no indicator that the
server is able to process lots of your requests at once. ;)
kevin