Comments (6)
Can you say more about how exactly this happens? It's true that we don't strip the value when parsing content-length, but it's supposed to already be stripped in the last line of `HTTPHeaders.parse_line`. The `\r\n` is not supposed to make it to `parse_line`; those characters are handled in `parse()`. I don't see an issue when Content-Length is the last header: we have a test for this case at Line 188 in a48d634.
I do see a couple of potential issues in edge cases, though.
- `Content-Length: 42\r\n \r\n` (with a space between the CRLF pairs) will add a space to the value `"42 "`
- `Content-Length:\r\n 42\r\n` (with the whole value in a continuation line) adds a leading space, `" 42"`
Both of these cases are errors now although they were accepted prior to bf90f3a. I think they're both technically legal although I'd have to go back to the RFCs to be sure.
from tornado.
We had some code that was manually proxying headers from an upstream request to a response that was pushing all of the lines passed to an `AsyncHTTPClient.fetch` `header_callback` to `parse_line` that triggered this.
from tornado.
I just tested sending a request with a `Content-Length` of `0`, and it worked totally fine. Can you enter an example of a request that causes the problem?
from tornado.
The Content-Length needs to be the last header which then gets interpreted as a multi-line continuation and then adds a space itself, as stated in the first message.
from tornado.
Got it; now I can reproduce the bug. Agreed that this is a problem.
Also, it turns out that gunicorn and fasthttp also have this exact same bug.
from tornado.
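The folding behaviour discussed in this thread, as a simplified model added here for illustration; it is not Tornado's code and not from any commenter. The function names, the constructed sample inputs and the digits-only Content-Length check are assumptions.

```python
import re

# Constructed sample inputs (not taken from real traffic).
TRAILING_SPACE = "Content-Length: 42\r\n \r\n"        # space between the CRLF pairs
VALUE_ON_CONTINUATION = "Content-Length:\r\n 42\r\n"   # whole value on a continuation line
CALLBACK_LINES = ["Host: example.test\r\n", "Content-Length: 42\r\n", "\r\n"]

def split_block(raw):
    """Split a raw header block on CRLF and drop empty lines."""
    return [line for line in raw.split("\r\n") if line]

def fold_headers(lines):
    """Simplified model of line-by-line parsing with continuation-line folding."""
    headers, last = {}, None
    for line in lines:
        if line[0].isspace():  # leading whitespace marks a continuation line
            if last is None:
                raise ValueError("first header line cannot start with whitespace")
            headers[last] += " " + line.lstrip()
        else:
            name, value = line.split(":", 1)
            last = name.strip().lower()
            headers[last] = value.strip()
    return headers

def strip_terminators(lines):
    """Remove CRLF from raw callback lines and drop the blank end-of-headers line."""
    return [line.rstrip("\r\n") for line in lines if line.strip("\r\n")]

def content_length(headers):
    """Strict check: digits only, no surrounding whitespace."""
    value = headers["content-length"]
    if not re.fullmatch(r"[0-9]+", value):
        raise ValueError(f"invalid Content-Length: {value!r}")
    return int(value)

def is_rejected(headers):
    """True when the strict check refuses the parsed Content-Length."""
    try:
        content_length(headers)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    for label, lines in [("space line", split_block(TRAILING_SPACE)),
                         ("continuation", split_block(VALUE_ON_CONTINUATION)),
                         ("raw callback", CALLBACK_LINES),
                         ("cleaned callback", strip_terminators(CALLBACK_LINES))]:
        parsed = fold_headers(lines)
        print(label, repr(parsed["content-length"]), "rejected:", is_rejected(parsed))
```

Passing raw callback lines straight to the per-line parser makes the final `\r\n` look like a continuation of the last header; stripping the terminators first avoids that case, while a line holding only a space still folds into the value.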