Re: [boost] [http] Formal review of Boost.Http

On Sat, Aug 15, 2015 at 5:16 AM, Vinícius dos Santos Oliveira < vini.ipsmaker@gmail.com> wrote:

2015-08-14 19:42 GMT-03:00 Tom Kent :

...

Some more that seem important, but I'm not sure: * Cookies - this seems like a pretty basic server functionality. Is this a hard thing to add?

Cookies by themself are not so useful. You usually will want a session abstraction. A good session abstraction is tricky to get. Dynamic languages have the freedom to replace/inject anything they want, so they almost always get the features. If you aren't careful, you'll end up with two APIs, one for server-side data sessions and client-side data sessions. And there other points to study (different session backends like DB-baked, memory-baked...).

I guess that's where my lack of understanding of the subject matter comes in. I just assumed that the http layer would simply provide the cookies for a request, then the application's layer would handle making sessions.

* Forms/File Uploads - Does this imply that it doesn't support POST? I feel

...

like the initial implementation should at least support GET & POST.

POST is supported, but if you handle the message format used by web browsers, you'll have to parse the body yourself. A parser for forms and file uploads should be added to ease our lives.

This *must* be explained in the documentation!

[...] supporting TLS (is this a feature?

...

If not this would be a show-stopper) [...]

Yes, TLS is supported.

I even tried to advertise on the front page: https://boostgsoc14.github.io/boost.http/

I now see the introduction that says something like 'SSL is supported'. This needs to be seriously expanded in the documentation. At the very minimum there should be an example showing how to setup a TLS connection. Tom