Message257447
I expect the server _is_ waiting for the end of the headers before handling the response. The problem is if you do not send the blank line, the server cannot know if you have ended the headers or if there are more to come.
Perhaps you could set a socket timeout in the server. But an attacker could still send little bits of the header very slowly (called Slow Loris attack or something I think). I think a server robust against that sort of stuff would be out of scope for SimpleHTTPServer. |
|
Date |
User |
Action |
Args |
2016-01-04 09:28:06 | martin.panter | set | recipients:
+ martin.panter, Richard Clifford |
2016-01-04 09:28:06 | martin.panter | set | messageid: <1451899686.4.0.92026933085.issue26005@psf.upfronthosting.co.za> |
2016-01-04 09:28:06 | martin.panter | link | issue26005 messages |
2016-01-04 09:28:06 | martin.panter | create | |
|