This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Wrong request target in
Type: Stage: resolved
Components: Library (Lib) Versions: Python 3.6, Python 3.5, Python 2.7
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: martin.panter, python-dev, xiang.zhang
Priority: normal Keywords: patch

Created on 2016-03-22 08:56 by xiang.zhang, last changed 2022-04-11 14:58 by admin. This issue is now closed.

File name Uploaded Description Edit
request_target_in_test_httpservers.patch xiang.zhang, 2016-03-22 08:56 review
request_target_in_test_httpservers_v2.patch xiang.zhang, 2016-04-05 02:28 review
Messages (6)
msg262171 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2016-03-22 08:56
When requesting a resource from an origin server, the request-target in request line should always starts with a back slash. But in SimpleHTTPServerTestCase in, almost all the requests are sent without the back slash though the handler handles it well. The request lines are like 'GET tmpXXXXX HTTP/1.1'. I add the back slashes.

Maybe in SimpleHTTPRequestHandler, we should reject such invalid request-targets and then return BAD_REQUEST. And then issue2254 won't happen.
msg262803 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-04-02 23:03
Perhaps tempdir_name could get the slash prefixed in setUp() rather than in every test. There is one case that creates index.html which could probably be changed to use self.tempdir, and then the rest could be renamed to say self.base_url.

Rejecting requests that do not start with a slash could be a compatibility problem. Do you think potential security benefits (i.e. having unexpected variations on the format of the URL) outweigh that?

Either way, it would be good to retain a test without a slash.
msg262886 - (view) Author: Xiang Zhang (xiang.zhang) * (Python committer) Date: 2016-04-05 02:28
Get the slash prefixed path in Setup() is a good idea. I change the patch. I retain self.tempdir_name so we can use it in a test for no leading slash. The case creating index.html is OK with self.tempdir_name since we have changed our working directory to basetempdir.

I didn't think about compatibility but I know it's important. So rejecting the invalid request-targets is not a good idea to me now.
msg263096 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-04-09 13:44
New changeset 0e19f421dc9e by Martin Panter in branch '3.5':
Issue #26609: Fix HTTP server tests to request an absolute URL path

New changeset 34ebf79acd78 by Martin Panter in branch 'default':
Issue #26609: Merge HTTP tests from 3.5

New changeset 2691f81a89a7 by Martin Panter in branch '2.7':
Issue #26609: Fix HTTP server tests to request an absolute URL path
msg263097 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2016-04-09 13:46
New changeset 4f64b1c87a56 by Martin Panter in branch '2.7':
Issue #26609: Fix up Python 2 port
msg263115 - (view) Author: Martin Panter (martin.panter) * (Python committer) Date: 2016-04-09 22:31
Thanks for the patch
Date User Action Args
2022-04-11 14:58:28adminsetgithub: 70796
2016-04-09 22:31:02martin.pantersetstatus: open -> closed
versions: + Python 2.7, Python 3.5
messages: + msg263115

resolution: fixed
stage: patch review -> resolved
2016-04-09 13:46:08python-devsetmessages: + msg263097
2016-04-09 13:44:39python-devsetnosy: + python-dev
messages: + msg263096
2016-04-05 02:28:37xiang.zhangsetfiles: + request_target_in_test_httpservers_v2.patch

messages: + msg262886
2016-04-03 04:40:49martin.panterlinkissue26585 dependencies
2016-04-02 23:03:16martin.pantersetmessages: + msg262803
stage: patch review
2016-03-22 08:56:20xiang.zhangcreate