Skip to content

Commit

Permalink
Merge pull request #434 from Pylons/bugfix/dont-strip-value-wsgi-environ
Browse files Browse the repository at this point in the history
Bugfix: Don't strip whitespace from values before inserting into environ
  • Loading branch information
digitalresistor authored Feb 5, 2024
2 parents 4e0d8c4 + 1697cb9 commit 8565e0d
Show file tree
Hide file tree
Showing 5 changed files with 16 additions and 4 deletions.
7 changes: 7 additions & 0 deletions CHANGES.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
3.0.1 (unreleased)
------------------

- No longer strip the header values before passing them to the WSGI environ.
See https://github.com/Pylons/waitress/pull/434 and
https://github.com/Pylons/waitress/issues/432

3.0.0 (2024-02-04)
------------------

Expand Down
2 changes: 1 addition & 1 deletion setup.cfg
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
[metadata]
name = waitress
version = 3.0.0
version = 3.0.1
description = Waitress WSGI server
long_description = file: README.rst, CHANGES.txt
long_description_content_type = text/x-rst
Expand Down
1 change: 0 additions & 1 deletion src/waitress/task.py
Original file line number Diff line number Diff line change
Expand Up @@ -557,7 +557,6 @@ def get_environment(self):
}

for key, value in dict(request.headers).items():
value = value.strip()
mykey = rename_headers.get(key, None)
if mykey is None:
mykey = "HTTP_" + key
Expand Down
5 changes: 5 additions & 0 deletions tests/test_parser.py
Original file line number Diff line number Diff line change
Expand Up @@ -384,6 +384,11 @@ def test_parse_header_invalid_chars(self):
else: # pragma: nocover
self.assertTrue(False)

def test_parse_header_other_whitespace(self):
data = b"GET /foobar HTTP/1.1\r\nfoo: \xa0something\x85\r\n"
self.parser.parse_header(data)
self.assertEqual(self.parser.headers["FOO"], "\xa0something\x85")

def test_parse_header_empty(self):
data = b"GET /foobar HTTP/1.1\r\nfoo: bar\r\nempty:\r\n"
self.parser.parse_header(data)
Expand Down
5 changes: 3 additions & 2 deletions tests/test_task.py
Original file line number Diff line number Diff line change
Expand Up @@ -776,7 +776,7 @@ def test_get_environment_values(self):
request.headers = {
"CONTENT_TYPE": "abc",
"CONTENT_LENGTH": "10",
"X_FOO": "BAR",
"X_FOO": "\xa0BAR\x85",
"CONNECTION": "close",
}
request.query = "abc"
Expand Down Expand Up @@ -830,7 +830,8 @@ def test_get_environment_values(self):
self.assertEqual(environ["REMOTE_PORT"], "39830")
self.assertEqual(environ["CONTENT_TYPE"], "abc")
self.assertEqual(environ["CONTENT_LENGTH"], "10")
self.assertEqual(environ["HTTP_X_FOO"], "BAR")
# Make sure we don't strip non RFC compliant whitespace
self.assertEqual(environ["HTTP_X_FOO"], "\xa0BAR\x85")
self.assertEqual(environ["wsgi.version"], (1, 0))
self.assertEqual(environ["wsgi.url_scheme"], "http")
self.assertEqual(environ["wsgi.errors"], sys.stderr)
Expand Down

0 comments on commit 8565e0d

Please sign in to comment.