pFad - Phone/Frame/Anonymizer/Declutterfier! Saves Data!


--- a PPN by Garber Painting Akron. With Image Size Reduction included!

URL: http://github.com/hyperium/http/pull/808

d40328c.css" /> Make `HeaderValue::set_sensitive` available in const contexts by archer-321 · Pull Request #808 · hyperium/http · GitHub
Skip to content

Make HeaderValue::set_sensitive available in const contexts#808

Open
archer-321 wants to merge 1 commit into
hyperium:masterfrom
archer-321:feature/set_sensitive-const
Open

Make HeaderValue::set_sensitive available in const contexts#808
archer-321 wants to merge 1 commit into
hyperium:masterfrom
archer-321:feature/set_sensitive-const

Conversation

@archer-321
Copy link
Copy Markdown

@archer-321 archer-321 commented Dec 19, 2025
edited
Loading

Make HeaderValue::set_sensitive const to allow applications to embed sensitive header values statically.

Considering embedded client secrets are generally a red flag, add a comment to the method's documentation to urge developers not to consider embedded sensitive values secure. const use of set_sensitive should be limited to use cases where the developer is aware that the embedded secret will be world-readable.

This PR implements #807

@archer-321 archer-321 mentioned this pull request Dec 19, 2025
Open
@seanmonstar
Copy link
Copy Markdown
Member

seanmonstar commented Dec 19, 2025

The MSRV doesn't like the cosnt { } expressions. I'd suggest just leaving the test case out, it doesn't do much.

@archer-321
feat(header): make HeaderValue::set_sensitive const
c837995 
Some applications like OAuth clients for GitHub or Forgejo are forced to
embed a client password into the application, even if the client is
considered public. Make `HeaderValue::set_sensitive` available in const
contexts to allow applications to mark embedded headers as sensitive.

Warn developers in `set_sensitive`'s documentation that embedded secrets
are trivial to dump and should not be considered secure.

Closes: hyperium#807
@archer-321 archer-321 force-pushed the feature/set_sensitive-const branch from d22829c to c837995 Compare December 19, 2025 18:16
@archer-321
Copy link
Copy Markdown
Author

archer-321 commented Dec 19, 2025

The MSRV doesn't like the cosnt { } expressions. I'd suggest just leaving the test case out, it doesn't do much.

Oops, I didn't remember inline-const was this recent of an addition. Updated!

@seanmonstar
Copy link
Copy Markdown
Member

seanmonstar commented Dec 19, 2025

mutable references are not allowed in constant functions

Oh that's interesting... was that relaxed in newer versions?

@archer-321
Copy link
Copy Markdown
Author

archer-321 commented Dec 19, 2025

It seems like this was added in Rust 1.83: https://blog.rust-lang.org/2024/11/28/Rust-1.83.0/#new-const-capabilities

In this case, this PR would have to be put on hold until the MSRV is increased in the future. Personally, I wouldn't consider this change important enough to warrant an MSRV bump on its own.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@archer-321 @seanmonstar
pFad - Phonifier reborn

Pfad - The Proxy pFad © 2024 Your Company Name. All rights reserved.




Check this box to remove all script contents from the fetched content.



Check this box to remove all images from the fetched content.


Check this box to remove all CSS styles from the fetched content.


Check this box to keep images inefficiently compressed and original size.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy