Message 254048 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	martin.panter
Recipients	martin.panter, vstinner, 신동원
Date	2015-11-04.10:48:01
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1446634081.79.0.817549166795.issue25539@psf.upfronthosting.co.za>
In-reply-to

Content
Just noticed the whitespace scenario is mentioned at <https://tools.ietf.org/html/rfc7230#section-3.2.4>: ''' No whitespace is allowed between the header field-name and colon. In the past, differences in the handling of such whitespace have led to security vulnerabilities in . . . response handling. . . . A proxy must remove any such whitespace from a response message before forwarding the message downstream. ''' It would not be possible build a proxy that does that using Python 3’s current HTTP client.

Just noticed the whitespace scenario is mentioned at <https://tools.ietf.org/html/rfc7230#section-3.2.4>:

'''
No whitespace is allowed between the header field-name and colon.  In the past, differences in the handling of such whitespace have led to security vulnerabilities in . . . response handling.  . . .  A proxy must remove any such whitespace from a response message before forwarding the message downstream.
'''

It would not be possible build a proxy that does that using Python 3’s current HTTP client.

History
Date	User	Action	Args
2015-11-04 10:48:01	martin.panter	set	recipients: + martin.panter, vstinner, 신동원
2015-11-04 10:48:01	martin.panter	set	messageid: <1446634081.79.0.817549166795.issue25539@psf.upfronthosting.co.za>
2015-11-04 10:48:01	martin.panter	link	issue25539 messages
2015-11-04 10:48:01	martin.panter	create