jingrow/gunicorn
1
0
Fork 0
mirror of https://github.com/frappe/gunicorn.git synced 2026-01-14 11:09:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
gunicorn/tests/requests/valid/040_compat.py
Paul J. Dorn 72b8970dbf silently drop or refuse header names w/ underscore 
Ambiguous mappings open a bottomless pit of "what is user input and what is proxy input" confusion.
Default to what everyone else has been doing for years now, silently drop.

see also https://nginx.org/r/underscores_in_headers
2023-12-15 13:33:31 +01:00

17 lines
349 B
Python
Raw Permalink Blame History

from gunicorn.config import Config
cfg = Config()
cfg.set("header_map", "dangerous")
request = {
"method": "GET",
"uri": uri("/keep/same/as?invalid/040"),
"version": (1, 0),
"headers": [
("TRANSFER_ENCODING", "tricked"),
("CONTENT-LENGTH", "7"),
("CONTENT_LENGTH", "-1E23"),
],
"body": b'tricked'
}
Reference in New Issue View Git Blame Copy Permalink