diff --git a/tests/requests/invalid/rfc9112_target_authority_non_connect_01.http b/tests/requests/invalid/rfc9112_target_authority_non_connect_01.http new file mode 100644 index 00000000..0b8e978f --- /dev/null +++ b/tests/requests/invalid/rfc9112_target_authority_non_connect_01.http @@ -0,0 +1,3 @@ +GET example.com:443 HTTP/1.1\r\n +Host: example.com:443\r\n +\r\n diff --git a/tests/requests/invalid/rfc9112_target_authority_non_connect_01.py b/tests/requests/invalid/rfc9112_target_authority_non_connect_01.py new file mode 100644 index 00000000..2a91f311 --- /dev/null +++ b/tests/requests/invalid/rfc9112_target_authority_non_connect_01.py @@ -0,0 +1,10 @@ +# +# This file is part of gunicorn released under the MIT license. +# See the NOTICE for more information. + +# RFC 9112 section 3.2.3: authority-form ("host:port") is only valid with +# the CONNECT method. Any other method carrying it must be rejected. +from gunicorn.http.errors import InvalidRequestLine +request = InvalidRequestLine +# The C parser (gunicorn_h1c) does not yet enforce this rule. +python_only = True