[issue21114] wsgiref.simple_server doesn't handle multi-line headers correctly
Tom Tanner
report at bugs.python.org
Tue Dec 9 16:58:22 CET 2014
Tom Tanner added the comment:
This is actually more complicated than I initially thought.
According to https://www.python.org/dev/peps/pep-3333/#the-start-response-callable
"Each header_value must not include any control characters, including carriage returns or linefeeds, either embedded or at the end. (These requirements are to minimize the complexity of any parsing that must be performed by servers, gateways, and intermediate response processors that need to inspect or modify response headers.) "
There's a discussion at https://mail.python.org/pipermail/web-sig/2006-September/002244.html
It think the spec should be changed as parsing multi-line headers is really simple and sometimes necessary (e.g., when passing the X.509 client certificate).
Anyway, attached you find a patch for Python 2.7.8 which includes a test and allows CR/LF in header values.
----------
Added file: http://bugs.python.org/file37401/wsgi.diff
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue21114>
_______________________________________
More information about the Python-bugs-list
mailing list