fix: zstd compat flag, DevTools inspector, empty-body edge case, RPC hardening#6838
Closed
StilesCrisis wants to merge 3 commits into
Closed
fix: zstd compat flag, DevTools inspector, empty-body edge case, RPC hardening#6838StilesCrisis wants to merge 3 commits into
StilesCrisis wants to merge 3 commits into
Conversation
…ncoding header When a fetch() subrequest returns Content-Encoding: zstd, workerd now: 1. Decompresses the body transparently via a new ZstdAsyncInputStream class 2. Strips the Content-Encoding header from the Response so downstream code (e.g. Cache API) doesn't re-interpret the already-decoded body as zstd This mirrors the existing gzip and brotli auto-decode behavior. Adds ZSTD to the StreamEncoding capnp enum, implements ZstdAsyncInputStream using the zstd streaming API in both system-streams.c++ and readable-source.c++, and adds KJ_FAIL_REQUIRE for the unsupported zstd output compression path. Fixes: cloudflare#5112 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds 4 readable-source tests and 2 writable-sink tests mirroring the existing gzip test suite: - Zstd encoded stream (readAllBytes) - Zstd encoded stream (pumpTo) - Zstd encoded stream (pumpTo same encoding passthrough) - Zstd encoded stream (pumpTo different encoding → gzip) - Zstd-encoding sink (throws for unsupported output compression) - Zstd-encoding sink (identity passthrough via disownEncodingResponsibility) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…cases - Add zstd_content_encoding compat flag (enabled 2026-06-21) to match the brotli_content_encoding pattern; workers on old compat dates are unaffected - Fix DevTools network inspector to decompress zstd response bodies using a new ZstdDecompressor in ResponseStreamWrapper, matching gzip/brotli handling - Fix empty-body ZSTD output: endImpl() now rejects ZSTD encoding even when no write() was called, consistent with the non-empty-body error path - Replace KJ_ASSERT with KJ_FAIL_REQUIRE in ensureIdentityEncoding() else- branches so unknown future RPC encoding values throw catchable errors instead of aborting in debug or silently corrupting in release builds Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
I have read the CLA Document and I hereby sign the CLA You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hardening fixes from code review, stacked on top of #6837. None of these are correctness fixes for the happy path — they close edge cases and improve robustness.
zstd_content_encoding(enabled 2026-06-21) to match thebrotli_content_encodingpattern; workers pinned to old compat dates are unaffectedResponseStreamWrappernow decompresses zstd response bodies for accurate network panel byte counts, matching the existing gzip/brotli handlingEncodedAsyncOutputStream::endImpl()now rejects ZSTD encoding even when nowrite()was called, consistent with theprepareWrite()error path for non-empty bodiesKJ_ASSERT(encoding == IDENTITY)withKJ_FAIL_REQUIREin bothensureIdentityEncoding()fallthrough branches so unknown future encoding values from a newer RPC peer throw a catchable error instead of aborting (debug) or silently corrupting (release)Depends on #6837.
Test plan
server-test: zstd test usescompatibilityFlags = ["zstd_content_encoding"]to opt in🤖 Generated with Claude Code