jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
3,193 Commits 1 Branch 0 Tags
Commit Graph

4 Commits

Author SHA1 Message Date
benoitc
555d2fa27f don't tolerate wrong te headers 
changes:

- Just follow the new TE specification (https://datatracker.ietf.org/doc/html/rfc9112#name-transfer-encoding)
 here and accept to introduce a breaking change.
- gandle multiple TE on one line

** breaking changes ** : invalid  headers and position will now return
an error.
 2024-08-06 23:47:01 +02:00
Paul J. Dorn
e710393d14 HTTP parser: stricter chunk-ext OBS handling 
chunk extensions are silently ignored before and after this change;
its just the whitespace handling for the case without extensions that matters
applying same strip(WS)->rstrip(BWS) replacement as already done in related cases

half-way fix: could probably reject all BWS cases, rejecting only misplaced ones
 2023-12-17 17:46:56 +01:00
Paul J. Dorn
ac29c9b0a7 fail-safe on unsupported request framing 
If we promise wsgi.input_terminated, we better get it right - or not at all.
* chunked encoding on HTTP <= 1.1
* chunked not last transfer coding
* multiple chinked codings
* any unknown codings (yes, this too! because we do not detect unusual syntax that is still chunked)
* empty coding (plausibly harmless, but not see in real life anyway - refused, for the moment)
 2023-12-15 13:33:31 +01:00
Konstantin Kapustin
4be3282440 Check Content-Length header. 
For not chunked request do validation Content-Length header and return 400 if invalid.
 2012-09-27 19:14:40 +02:00