This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author martin.panter
Recipients Richard Clifford, martin.panter
Date 2016-01-04.09:28:06
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1451899686.4.0.92026933085.issue26005@psf.upfronthosting.co.za>
In-reply-to
Content
I expect the server _is_ waiting for the end of the headers before handling the response. The problem is if you do not send the blank line, the server cannot know if you have ended the headers or if there are more to come.

Perhaps you could set a socket timeout in the server. But an attacker could still send little bits of the header very slowly (called Slow Loris attack or something I think). I think a server robust against that sort of stuff would be out of scope for SimpleHTTPServer.
History
Date User Action Args
2016-01-04 09:28:06martin.pantersetrecipients: + martin.panter, Richard Clifford
2016-01-04 09:28:06martin.pantersetmessageid: <1451899686.4.0.92026933085.issue26005@psf.upfronthosting.co.za>
2016-01-04 09:28:06martin.panterlinkissue26005 messages
2016-01-04 09:28:06martin.pantercreate