anti
dd807bc55e
The fingerprint payload beacons fingerprint data as base64url JSON in GET query params: ?o=1 for the bare-open beacon, ?d=<blob> for a single-shot dump, or ?s/i/n/d=<chunk> for chunked dumps. Until now those params were buried inside request_path; consumers had to parse the URL themselves. Worker now extracts them in _extract_fingerprint and merges into raw_headers under reserved _fp* keys: * _fp_open — bare-open marker * _fp — decoded fingerprint dict (single-shot path) * _fp_sid/idx/total/chunk — chunked metadata + raw base64 (reassembly is a downstream concern, not the worker's job) * _fp_decode_error / _fp_oversize — failure markers for trash dumps Per-chunk size capped at 8KB so an attacker spamming /c/<known_slug> can't inflate trigger rows indefinitely. Decode failures degrade gracefully — the trigger row still records the hit, just with a _fp_decode_error flag instead of structured fingerprint data. Tests cover the single-shot decode, bare-open flag, chunked metadata, malformed input, and oversize drop paths.
8.1 KiB
8.1 KiB