[Web-SIG] Output header encodings? (was Re: Backup plan: WSGI 1 Addenda and wsgiref update for Py3)

Ian Bicking ianb at colorstudy.com
Thu Sep 23 20:46:27 CEST 2010

On Thu, Sep 23, 2010 at 11:17 AM, Ian Bicking <ianb at colorstudy.com> wrote:

>  If these headers accidentally contain non-Latin1 characters, the error
>> isn't detectable until the header reaches the origin server doing the
>> transmission encoding, and it'll likely be a dynamic (and therefore
>> hard-to-debug) error.
> I don't see any reason why Location shouldn't be ASCII.  Any header could
> have any character put in it, of course, there's just no valid case where
> Location shouldn't be a URL, and URLs are ASCII.  Cookie can contain
> weirdness, yes.  I would expect any library that abstracts cookies to handle
> this (it's certainly doable)... otherwise, this seems like one among many
> ways a person can do the wrong thing.

Minor correction, Set-Cookie, not Cookie.  Good practice is to stick to
ASCII even there (all other techniques have a high risk of mojibake), so
we're really considering legacy integration.  Note that a similar problem is
using [('Content-length', len(body))] -- which also results in a sometimes
confusing error message well away from the application itself.

Generally without validation any data errors occur away from the
application.  A type error is not any different than an encoding error.
Using bytes removes a possible encoding error, but IMHO has a greater chance
of type errors (as bytes are not as natural as text in most cases).
Validation can check all aspects, including encoding (simply by doing a test

Consider this hello world:

def app(environ, start_response):
    body = b'Hello World'
    start_response(b'200 OK', [(b'Content-Type',
    return [body]

str(len(body)).encode('ascii')?!?  Yuck.  Also no 2to3 fixup can help
there.  bytes(len(body)) does something weird.

Ian Bicking  |  http://blog.ianbicking.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/web-sig/attachments/20100923/0d997a81/attachment.html>

More information about the Web-SIG mailing list