ran 7ae6503dea fix: validate headers in early_hints callback to match process_headers
The early_hints callback constructs 103 Early Hints responses without
any header validation, while process_headers validates against TOKEN_RE
and HEADER_VALUE_RE for normal responses. This inconsistency means a
WSGI app passing unsanitized data to wsgi.early_hints could enable
HTTP response splitting via CRLF injection.

Apply the same TOKEN_RE/HEADER_VALUE_RE checks from process_headers to
the early_hints callback for defense-in-depth consistency.

Closes #3585
2026-04-13 17:21:24 +08:00