From 62252223e0b4330e9153614bad08da060a3de1d9 Mon Sep 17 00:00:00 2001 From: Benoit Chesneau Date: Sun, 19 Apr 2026 11:23:00 +0200 Subject: [PATCH] test: codify rejection of relative-reference request-target (RFC 9112 section 3.2) --- .../requests/invalid/rfc9112_target_relative_01.http | 3 +++ tests/requests/invalid/rfc9112_target_relative_01.py | 11 +++++++++++ 2 files changed, 14 insertions(+) create mode 100644 tests/requests/invalid/rfc9112_target_relative_01.http create mode 100644 tests/requests/invalid/rfc9112_target_relative_01.py diff --git a/tests/requests/invalid/rfc9112_target_relative_01.http b/tests/requests/invalid/rfc9112_target_relative_01.http new file mode 100644 index 00000000..7b51983f --- /dev/null +++ b/tests/requests/invalid/rfc9112_target_relative_01.http @@ -0,0 +1,3 @@ +GET foo/bar HTTP/1.1\r\n +Host: example.com\r\n +\r\n diff --git a/tests/requests/invalid/rfc9112_target_relative_01.py b/tests/requests/invalid/rfc9112_target_relative_01.py new file mode 100644 index 00000000..ea6bb9e2 --- /dev/null +++ b/tests/requests/invalid/rfc9112_target_relative_01.py @@ -0,0 +1,11 @@ +# +# This file is part of gunicorn released under the MIT license. +# See the NOTICE for more information. + +# RFC 9112 section 3.2: request-target must be one of origin-form, +# absolute-form, authority-form, or asterisk-form. A relative reference +# like "foo/bar" matches none of these and must be rejected. +from gunicorn.http.errors import InvalidRequestLine +request = InvalidRequestLine +# The C parser (gunicorn_h1c) does not yet enforce this rule. +python_only = True