PJ Eby added the comment:

The fix for the server looks ok, but the validation and tests must not
be changed, since they void spec compatibility and aren't a bug fix
(and so must not be added to 2.7.)  Indeed, if the validation library
*doesn't* fail on CRLF, then *that* would be a bug, since it's
supposed to tell you about every verifiable spec violation.

Also, simple_server *should* unfold multiline headers, if it's not
already doing so.  (If it's not, it is a bug and can therefore be
fixed in 2.7.)

On Tue, Dec 9, 2014 at 10:58 AM, Tom Tanner <rep...@bugs.python.org> wrote:
>
> Tom Tanner added the comment:
>
> This is actually more complicated than I initially thought.
> According to 
> https://www.python.org/dev/peps/pep-3333/#the-start-response-callable
> "Each header_value must not include any control characters, including 
> carriage returns or linefeeds, either embedded or at the end. (These 
> requirements are to minimize the complexity of any parsing that must be 
> performed by servers, gateways, and intermediate response processors that 
> need to inspect or modify response headers.) "
>
> There's a discussion at 
> https://mail.python.org/pipermail/web-sig/2006-September/002244.html
>
> I think the spec should be changed as parsing multi-line headers is really 
> simple and sometimes necessary (e.g., when passing the X.509 client 
> certificate).
>
> Anyway, attached you find a patch for Python 2.7.8 which includes a test and 
> allows CR/LF in header values.
>
> ----------
> Added file: http://bugs.python.org/file37401/wsgi.diff
>
> _______________________________________
> Python tracker <rep...@bugs.python.org>
> <http://bugs.python.org/issue21114>
> _______________________________________

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue21114>
_______________________________________
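
An added example (not part of the original thread, and not wsgiref's own code): a sketch of the two behaviours discussed above, the PEP 3333 control-character check on header values and the unfolding of a received multi-line header before it is handed to the application. The function names and the sample certificate value are constructed for illustration.

```python
import re

# PEP 3333: a header_value must not include any control characters,
# including CR or LF, either embedded or at the end.
# Assumption: "control characters" is taken here as the C0 range plus DEL.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# A folded continuation is a line break followed by at least one space or tab.
_FOLD = re.compile(r"\r?\n[ \t]+")


def check_header_value(value):
    """Return None if the value is acceptable, else a description of the violation."""
    m = _CONTROL.search(value)
    if m:
        return "control character %r at offset %d" % (m.group(), m.start())
    return None


def unfold(raw_value):
    """Collapse the folded continuation lines of a received header into one line."""
    return _FOLD.sub(" ", raw_value).strip(" \t")


def received_header_for_app(raw_value):
    """Unfold a received header, then insist that the result is a single clean line."""
    value = unfold(raw_value)
    problem = check_header_value(value)
    if problem:
        # A bare CR/LF that is not followed by whitespace is not folding,
        # so it survives unfold() and is rejected here.
        raise ValueError("header value violates PEP 3333: " + problem)
    return value


# Constructed sample: a client certificate passed as a folded header value.
FOLDED_SAMPLE = ("-----BEGIN CERTIFICATE-----\r\n"
                 " Y29uc3RydWN0ZWQ=\r\n"
                 "\t-----END CERTIFICATE-----")

if __name__ == "__main__":
    print(check_header_value(FOLDED_SAMPLE))       # flagged as received
    print(received_header_for_app(FOLDED_SAMPLE))  # clean after unfolding
```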