Pass only the header name to InvalidHeader exception

Per @pajod review: the invalid header value may carry sensitive
content, and raising it through the exception could leak it
across security boundaries (browsers/proxies handling response
splitting errors). Pass just the name instead.
This commit is contained in:
Ran 2026-04-17 06:11:57 +08:00
parent 7ae6503dea
commit 38ea12629f

View File

@ -170,7 +170,11 @@ def _make_early_hints_callback(req, sock, resp):
if not TOKEN_RE.fullmatch(name):
raise InvalidHeaderName('%r' % name)
if not HEADER_VALUE_RE.fullmatch(value):
raise InvalidHeader('%r' % value)
# Pass only the name — the invalid value may contain
# sensitive data that shouldn't cross security boundaries
# via exception propagation (browsers/proxies may forward
# it to untrusted parties).
raise InvalidHeader('%r' % name)
value = value.strip(" \t")
response += f"{name}: {value}\r\n".encode('latin-1')