Message 235762 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ngierman
Recipients	ngierman
Date	2015-02-11.18:40:23
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1423680023.83.0.120732364895.issue23448@psf.upfronthosting.co.za>
In-reply-to

Content
Using a scoped IPv6 address with urllib2 creates an invalid Host header that Apache will not accept. IP = "fe80::0000:0000:0000:0001%eth0" req = urllib2.Request("http://[" + IP + "]/") req.add_header('Content-Type', 'application/json') res = urllib2.urlopen(req, json.dumps(data)) Apache will reject the above request because the Host header is "[fe80::0000:0000:0000:0001%eth0]". This behavior was reported to Apache at https://issues.apache.org/bugzilla/show_bug.cgi?id=35122 and the Apache devs will not fix this as there are new RFCs prohibiting scopes in the Host header. Firefox had the same issue and their fix was to strip out the scope from the Host header: https://bugzilla.mozilla.org/show_bug.cgi?id=464162 and http://hg.mozilla.org/mozilla-central/rev/bb80e727c531. My suggestion is to change urllib2.py's do_request_ method from: if not request.has_header('Host'): request.add_unredirected_header('Host', sel_host) to: if not request.has_header('Host'): request.add_unredirected_header('Host', re.compile(r"%.$").sub("", sel_host, 1)) I have not tested this patch to urllib2.py however I am now using similar logic in my code to override the Host header when I create my request: IP = "fe80::0000:0000:0000:0001%eth0" req = urllib2.Request("http://[" + IP + "]/") req.add_header('Host', '[' + re.compile(r"%.").sub("", IP, 1) + ']') req.add_header('Content-Type', 'application/json') res = urllib2.urlopen(req, json.dumps(data))

Using a scoped IPv6 address with urllib2 creates an invalid Host header that Apache will not accept.

        IP = "fe80::0000:0000:0000:0001%eth0"
        req = urllib2.Request("http://[" + IP + "]/")
        req.add_header('Content-Type', 'application/json')
        res = urllib2.urlopen(req, json.dumps(data))

Apache will reject the above request because the Host header is "[fe80::0000:0000:0000:0001%eth0]". This behavior was reported to Apache at https://issues.apache.org/bugzilla/show_bug.cgi?id=35122 and the Apache devs will not fix this as there are new RFCs prohibiting scopes in the Host header. Firefox had the same issue and their fix was to strip out the scope from the Host header: https://bugzilla.mozilla.org/show_bug.cgi?id=464162 and http://hg.mozilla.org/mozilla-central/rev/bb80e727c531.

My suggestion is to change urllib2.py's do_request_ method from:

        if not request.has_header('Host'):
            request.add_unredirected_header('Host', sel_host)

to:

        if not request.has_header('Host'):
            request.add_unredirected_header('Host', re.compile(r"%.*$").sub("", sel_host, 1))

I have not tested this patch to urllib2.py however I am now using similar logic in my code to override the Host header when I create my request:

        IP = "fe80::0000:0000:0000:0001%eth0"
        req = urllib2.Request("http://[" + IP + "]/")
        req.add_header('Host', '[' + re.compile(r"%.*").sub("", IP, 1) + ']')
        req.add_header('Content-Type', 'application/json')
        res = urllib2.urlopen(req, json.dumps(data))

History
Date	User	Action	Args
2015-02-11 18:40:23	ngierman	set	recipients: + ngierman
2015-02-11 18:40:23	ngierman	set	messageid: <1423680023.83.0.120732364895.issue23448@psf.upfronthosting.co.za>
2015-02-11 18:40:23	ngierman	link	issue23448 messages
2015-02-11 18:40:23	ngierman	create