Message 329851 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	quentel
Recipients	demian.brecht, facundobatista, fdrake, martin.panter, orsenthil, quentel, remi.lapeyre, v+python
Date	2018-11-13.15:29:05
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1542122945.13.0.788709270274.issue10486@psf.upfronthosting.co.za>
In-reply-to

Content
The QUERY_STRING value is always set by the code at lines 1135-1137 of http.server: for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH', 'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'): env.setdefault(k, "") The RFC for CGI has not evolved since 2004, probably because the technology is stable, and also because other, more efficient protocols have been defined to avoid the "CGI overhead" (FastCGI for instance). I think that http.server should only implement the "meta-variables" defined in RFC 3875: - AUTH_TYPE CONTENT_LENGTH CONTENT_TYPE GATEWAY_INTERFACE PATH_INFO PATH_TRANSLATED QUERY_STRING REMOTE_ADDR REMOTE_HOST REMOTE_IDENT REMOTE_USER REQUEST_METHOD SCRIPT_NAME SERVER_NAME SERVER_PORT SERVER_PROTOCOL SERVER_SOFTWARE. Some of these must always be set (eg QUERY_STRING, REQUEST_METHOD, SERVER_NAME...) but for other ones, there are conditions (for instance for CONTENT_LENGTH: "The server MUST set this meta-variable if and only if the request is accompanied by a message-body entity") - "protocol-specific meta variables" : for HTTP, variables determined by the HTTP request headers such as HTTP_COOKIE (cf section 4.1.18. Protocol-Specific Meta-Variables) Other meta variables are probably beyond the scope of a module in the standard library. In short, in my opinion the issue can be closed.

The QUERY_STRING value is always set by the code at lines 1135-1137 of http.server:

    for k in ('QUERY_STRING', 'REMOTE_HOST', 'CONTENT_LENGTH',
              'HTTP_USER_AGENT', 'HTTP_COOKIE', 'HTTP_REFERER'):
        env.setdefault(k, "")

The RFC for CGI has not evolved since 2004, probably because the technology is stable, and also because other, more efficient protocols have been defined to avoid the "CGI overhead" (FastCGI for instance).

I think that http.server should only implement the "meta-variables" defined in RFC 3875:
- AUTH_TYPE  CONTENT_LENGTH CONTENT_TYPE  GATEWAY_INTERFACE PATH_INFO  PATH_TRANSLATED QUERY_STRING  REMOTE_ADDR REMOTE_HOST  REMOTE_IDENT REMOTE_USER  REQUEST_METHOD SCRIPT_NAME  SERVER_NAME SERVER_PORT  SERVER_PROTOCOL SERVER_SOFTWARE. Some of these must always be set (eg QUERY_STRING, REQUEST_METHOD, SERVER_NAME...) but for other ones, there are conditions (for instance for CONTENT_LENGTH: "The server MUST set this meta-variable if and only if the request is accompanied by a message-body entity")
- "protocol-specific meta variables" : for HTTP, variables determined by the HTTP request headers such as HTTP_COOKIE (cf section 4.1.18.  Protocol-Specific Meta-Variables)

Other meta variables are probably beyond the scope of a module in the standard library.

In short, in my opinion the issue can be closed.

History
Date	User	Action	Args
2018-11-13 15:29:05	quentel	set	recipients: + quentel, fdrake, facundobatista, orsenthil, v+python, martin.panter, demian.brecht, remi.lapeyre
2018-11-13 15:29:05	quentel	set	messageid: <1542122945.13.0.788709270274.issue10486@psf.upfronthosting.co.za>
2018-11-13 15:29:05	quentel	link	issue10486 messages
2018-11-13 15:29:05	quentel	create