New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong request target in test_httpservers.py #70796
Comments
When requesting a resource from an origin server, the request-target in request line should always starts with a back slash. But in SimpleHTTPServerTestCase in test_httpservers.py, almost all the requests are sent without the back slash though the handler handles it well. The request lines are like 'GET tmpXXXXX HTTP/1.1'. I add the back slashes. Maybe in SimpleHTTPRequestHandler, we should reject such invalid request-targets and then return BAD_REQUEST. And then bpo-2254 won't happen. |
Perhaps tempdir_name could get the slash prefixed in setUp() rather than in every test. There is one case that creates index.html which could probably be changed to use self.tempdir, and then the rest could be renamed to say self.base_url. Rejecting requests that do not start with a slash could be a compatibility problem. Do you think potential security benefits (i.e. having unexpected variations on the format of the URL) outweigh that? Either way, it would be good to retain a test without a slash. |
Get the slash prefixed path in Setup() is a good idea. I change the patch. I retain self.tempdir_name so we can use it in a test for no leading slash. The case creating index.html is OK with self.tempdir_name since we have changed our working directory to basetempdir. I didn't think about compatibility but I know it's important. So rejecting the invalid request-targets is not a good idea to me now. |
New changeset 0e19f421dc9e by Martin Panter in branch '3.5': New changeset 34ebf79acd78 by Martin Panter in branch 'default': New changeset 2691f81a89a7 by Martin Panter in branch '2.7': |
New changeset 4f64b1c87a56 by Martin Panter in branch '2.7': |
Thanks for the patch |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: