Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion Lib/http/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -334,20 +334,23 @@ def parse_request(self):
raise ValueError("unreasonable length http version")
version_number = int(version_number[0]), int(version_number[1])
except (ValueError, IndexError):
# Send the error response with a status line and headers.
self.request_version = ''
self.send_error(
HTTPStatus.BAD_REQUEST,
"Bad request version (%r)" % version)
return False
self.request_version = version
if version_number >= (1, 1) and self.protocol_version >= "HTTP/1.1":
self.close_connection = False
if version_number >= (2, 0):
self.send_error(
HTTPStatus.HTTP_VERSION_NOT_SUPPORTED,
"Invalid HTTP version (%s)" % base_version_number)
return False
self.request_version = version

if not 2 <= len(words) <= 3:
self.request_version = ''
self.send_error(
HTTPStatus.BAD_REQUEST,
"Bad request syntax (%r)" % requestline)
Expand All @@ -356,6 +359,7 @@ def parse_request(self):
if len(words) == 2:
self.close_connection = True
if command != 'GET':
self.request_version = ''
self.send_error(
HTTPStatus.BAD_REQUEST,
"Bad HTTP/0.9 request type (%r)" % command)
Expand Down
15 changes: 15 additions & 0 deletions Lib/test/test_httpservers.py
Original file line number Diff line number Diff line change
Expand Up @@ -386,6 +386,8 @@ def test_simple_get(self):
def test_invalid_request(self):
self.sock.send(b'POST /index.html\r\n')
res = self.sock.recv(1024)
# The error response is not sent in the bare HTTP/0.9 style.
self.assertStartsWith(res, b'HTTP/1.0 400 ')
self.assertIn(b"Bad HTTP/0.9 request type ('POST')", res)

def test_single_request(self):
Expand Down Expand Up @@ -1102,6 +1104,19 @@ def test_http_0_9(self):
self.assertEqual(result[0], b'<html><body>Data</body></html>\r\n')
self.verify_get_called()

@support.subTests('request,code', [
(b'GET / FUBAR\r\n\r\n', 400), # bad version
(b'GET / HTTP/2.0\r\n\r\n', 505), # unsupported version
(b'GET\r\n', 400), # bad syntax
(b'POST /\r\n', 400), # bad HTTP/0.9 request type
])
def test_request_line_error_has_status_line(self, request, code):
self.handler = SocketlessRequestHandler()
result = self.send_typical_request(request)
self.assertStartsWith(result[0], b'HTTP/1.1 %d ' % code)
self.verify_expected_headers(result[1:result.index(b'\r\n')])
self.assertFalse(self.handler.get_called)

def test_extra_space(self):
result = self.send_typical_request(
b'GET /spaced out HTTP/1.1\r\n'
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
Error responses of :class:`http.server.BaseHTTPRequestHandler` to malformed
request lines now include a status line and headers instead of being sent in
the bare HTTP/0.9 style.
Only a valid HTTP/0.9 request (a two-word ``GET`` request line) now receives
an HTTP/0.9 style response.
Loading