mirror of
https://github.com/frappe/gunicorn.git
synced 2026-07-04 03:31:29 +08:00
The smuggling guard added in #3614 reads self._body_receiver after _handle_http_request returns to refuse keepalive on a body that did not finish framing. But _handle_http_request's finally cleared the receiver before returning, so the gate always saw None and let keepalive proceed unconditionally. Move the clear into the connection loop's per-iteration cleanup (it already had one there for the same purpose). Adds an end-to-end regression test that pipelines a partial-body POST followed by a smuggled GET and asserts the second request is not served and the transport closes.