[issue25539] python3 fail on parsing http header
Martin Panter
report at bugs.python.org
Wed Nov 4 05:48:01 EST 2015
Martin Panter added the comment:
Just noticed the whitespace scenario is mentioned at <https://tools.ietf.org/html/rfc7230#section-3.2.4>:
'''
No whitespace is allowed between the header field-name and colon. In the past, differences in the handling of such whitespace have led to security vulnerabilities in . . . response handling. . . . A proxy must remove any such whitespace from a response message before forwarding the message downstream.
'''
It would not be possible build a proxy that does that using Python 3’s current HTTP client.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25539>
_______________________________________
More information about the Python-bugs-list
mailing list