diff --git a/tests/requests/invalid/rfc9112_target_asterisk_non_options_01.http b/tests/requests/invalid/rfc9112_target_asterisk_non_options_01.http new file mode 100644 index 00000000..0c068d44 --- /dev/null +++ b/tests/requests/invalid/rfc9112_target_asterisk_non_options_01.http @@ -0,0 +1,3 @@ +GET * HTTP/1.1\r\n +Host: example.com\r\n +\r\n diff --git a/tests/requests/invalid/rfc9112_target_asterisk_non_options_01.py b/tests/requests/invalid/rfc9112_target_asterisk_non_options_01.py new file mode 100644 index 00000000..a3616620 --- /dev/null +++ b/tests/requests/invalid/rfc9112_target_asterisk_non_options_01.py @@ -0,0 +1,9 @@ +# +# This file is part of gunicorn released under the MIT license. +# See the NOTICE for more information. + +# RFC 9112 section 3.2.4: asterisk-form ("*") only targets the server itself +# and is only valid with the OPTIONS method. Any other method must be +# rejected as an ill-formed request-line. +from gunicorn.http.errors import InvalidRequestLine +request = InvalidRequestLine