This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients maxpl0it, orsenthil, vstinner
Date 2020-02-11.12:29:20
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> The recommended solution is to only allow the standard HTTP methods of GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, and PATCH.

I don't think that we have to be so strict. We can maybe restrict the HTTP method to ASCII letters, or just reject control characters (U+0000-U+001f).

Similar issues (fixed):

Date User Action Args
2020-02-11 12:29:20vstinnersetrecipients: + vstinner, orsenthil, maxpl0it
2020-02-11 12:29:20vstinnersetmessageid: <>
2020-02-11 12:29:20vstinnerlinkissue39603 messages
2020-02-11 12:29:20vstinnercreate