update LRO customization guidance (Azure#44782)

xiangyan99 · web-flow · commit a65d72725dc1 · 2026-01-21T15:01:03.000-08:00
diff --git a/doc/dev/customize_long_running_operation.md b/doc/dev/customize_long_running_operation.md
@@ -323,10 +323,32 @@ class CustomPollingMethod(PollingMethod):
 
         In standard LROs, the PipelineResponse is serialized here, however, there may be a need to
         customize this further depending on your scenario.
-        """
-        import pickle
 
-        return base64.b64encode(pickle.dumps(self._initial_response)).decode("ascii")
+        It's recommended to:
+        1. Include a version number for future compatibility.
+        2. Filter headers to only include those needed for LRO rehydration, avoiding sensitive data.
+        """
+        import json
+
+        # Headers needed for LRO rehydration - use an allowlist approach for security
+        lro_headers = {"operation-location", "location", "content-type", "retry-after"}
+        response = self._initial_response.http_response
+        filtered_headers = {k: v for k, v in response.headers.items() if k.lower() in lro_headers}
+
+        # Use a versioned token schema: {"version": <int>, "data": <your state>}
+        # This allows for future compatibility checking when deserializing
+        token = {
+            "version": 1,
+            "data": {
+                "file_id": self.file_id,
+                "response": {
+                    "status_code": response.status_code,
+                    "headers": filtered_headers,
+                    "content": base64.b64encode(response.content).decode("ascii"),
+                },
+            },
+        }
+        return base64.b64encode(json.dumps(token).encode("utf-8")).decode("ascii")
 
     @classmethod
     def from_continuation_token(cls, continuation_token: str, **kwargs: Any) -> Tuple[Any, PipelineResponse, Callable]:
@@ -345,12 +367,23 @@ class CustomPollingMethod(PollingMethod):
                 "Need kwarg 'deserialization_callback' to be recreated from continuation_token"
             )
 
-        import pickle
+        import json
+
+        token = json.loads(base64.b64decode(continuation_token).decode("utf-8"))
+
+        # Validate token schema and version for compatibility
+        if not isinstance(token, dict) or "version" not in token or "data" not in token:
+            raise ValueError("Invalid continuation token format.")
+        if token["version"] != 1:
+            raise ValueError(
+                "This continuation token is not compatible with this version. "
+                "It may have been generated by a different version."
+            )
 
-        initial_response = pickle.loads(base64.b64decode(continuation_token))  # nosec
-        # Restore the transport in the context
-        initial_response.context.transport = client._client._pipeline._transport  # pylint: disable=protected-access
-        return client, initial_response, deserialization_callback
+        # Extract the state from the "data" field
+        state = token["data"]
+        # The file_id and other state can be extracted and used to resume polling
+        return client, state, deserialization_callback
 ```
 
 And now, to plug into the client code:
