mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-03 19:21:29 +08:00
test: codify rejection of Content-Length list form (RFC 9112 section 6.3)
parent
4da46edac0
commit
73e64364ca
@ -0,0 +1,5 @@
|
||||
POST /p HTTP/1.1\r\n
|
||||
Host: example.com\r\n
|
||||
Content-Length: 5, 5\r\n
|
||||
\r\n
|
||||
hello
|
||||
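--- a/tests/requests/invalid/rfc9112_smuggle_cl_list_form_01.py
+++ b/tests/requests/invalid/rfc9112_smuggle_cl_list_form_01.py
@@ -0,0 +1,12 @@
+#
+# This file is part of gunicorn released under the MIT license.
+# See the NOTICE for more information.
+
+# RFC 9112 section 6.3 allows Content-Length list form when all values
+# match, but gunicorn takes the safer strict view and rejects any list
+# form outright to avoid proxy/origin desync. PortSwigger HTTP Desync,
+# CL list variant.
+from gunicorn.http.errors import InvalidHeader
+request = InvalidHeader
+# The C parser (gunicorn_h1c) does not yet enforce this rule.
+python_only = True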
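Review bot: `python_only = True` means this fixture only pins the pure-Python parser, and the comment above it says gunicorn_h1c does not yet enforce the rule, so the strict rejection described in the header comment presumably does not hold for deployments running the C parser. The comment should carry a tracked follow-up so the skip is removed once the C parser rejects list form, for example `# TODO(<tracking-issue placeholder>): gunicorn_h1c does not yet reject Content-Length list form; drop python_only once it does.` The header comment would also be clearer if it said the strict behaviour currently applies to the Python parser only. The paired request fixture covers only the matching-values case (`5, 5`); if no sibling fixture covers differing values in list form, one would be worth adding, though that may already exist outside this commit.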