Commit Graph

375 Commits

Author SHA1 Message Date
Jason R. Coombs 80dd66ac27
[3.7] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448) (GH-16461)
* bpo-38216: Allow bypassing input validation

* bpo-36274: Also allow the URL encoding to be overridden.

* bpo-38216, bpo-36274: Add tests demonstrating a hook for overriding validation, test demonstrating override encoding, and a test to capture expectation of the interface for the URL.

* Call with skip_host to avoid tripping on the host checking in the URL.

* Remove obsolete comment.

* Make _prepare_path_encoding its own attr.

This makes overriding just that simpler.

Also, don't use the := operator to make backporting easier.

* Add a news entry.

* _prepare_path_encoding -> _encode_prepared_path()

* Once again separate the path validation and request encoding, drastically simplifying the behavior. Drop the guarantee that all processing happens in _prepare_path..
(cherry picked from commit 7774d7831e)

Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
2019-09-28 09:15:05 -04:00
Xtreak e7b7edf5eb [3.7] bpo-12144: Handle cookies with expires attribute in CookieJar.make_cookies (GH-13921) (GH-16092)
* [3.7] bpo-12144: Handle cookies with expires attribute in CookieJar.make_cookies (GH-13921)

Handle time comparison for cookies with `expires` attribute when `CookieJar.make_cookies` is called.

Co-authored-by: Demian Brecht <demianbrecht@gmail.com>

https://bugs.python.org/issue12144

Automerge-Triggered-By: @asvetlov
(cherry picked from commit bb41147)

Co-authored-by: Xtreak <tir.karthi@gmail.com>

* Use warnings module instead of test.support.check_no_warnings

* [3.7] bpo-12144: Handle cookies with expires attribute in CookieJar.make_cookies (GH-13921)

Handle time comparison for cookies with `expires` attribute when `CookieJar.make_cookies` is called.

Co-authored-by: Demian Brecht <demianbrecht@gmail.com>

https://bugs.python.org/issue12144

Automerge-Triggered-By: @asvetlov.
(cherry picked from commit bb41147eab)

Co-authored-by: Xtreak <tir.karthi@gmail.com>
2019-09-13 15:22:12 +03:00
Miss Islington (bot) 0bb8f22abd Correct description of HTTP status code 308. (GH-15097)
Permanent redirect was explained as a temporary redirect.
(cherry picked from commit 5c72badd06)

Co-authored-by: Florian Wendelborn <1133858+FlorianWendelborn@users.noreply.github.com>
2019-08-03 11:40:09 -07:00
Miss Islington (bot) 6be91102f7
[3.7] bpo-37440: Enable TLS 1.3 post-handshake auth in http.client (GH-14448) (GH-14496)
Post-handshake authentication is required for conditional client cert authentication with TLS 1.3.


https://bugs.python.org/issue37440
(cherry picked from commit d1bd6e79da)


Co-authored-by: Christian Heimes <christian@python.org>


https://bugs.python.org/issue37440
2019-07-01 00:07:52 -07:00
Miro Hrončok 7e200e0763 bpo-30458: Disallow control chars in http URLs. (GH-12755) (GH-13154)
Disallow control chars in http URLs in urllib.urlopen.  This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.

Disable https related urllib tests on a build without ssl (GH-13032)
These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures.

Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044)

Backport Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
2019-05-07 11:28:47 -04:00
Miss Islington (bot) 6f9cd142a2 bpo-36522: Print all values for headers with multiple values. (GH-12681) (GH-12682)
(cherry picked from commit 461c416dd7)

Co-authored-by: Matt Houglum <houglum@google.com>
2019-04-04 11:25:59 +03:00
Miss Islington (bot) 97c7d78fda
bpo-35647: Fix path check in cookiejar (GH-11436)
* Refactor cookie path check as per RFC 6265

* Add tests for prefix match of path

* Add news entry

* Fix set_ok_path and refactor tests

* Use slice for last letter
(cherry picked from commit 0e1f1f0105)

Co-authored-by: Xtreak <tir.karthi@gmail.com>
2019-03-10 10:30:35 -07:00
Miss Islington (bot) e5123d81ff bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258) (GH-12261)
Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy.  Patch by Karthikeyan Singaravelan.
(cherry picked from commit ca7fe50635)

Co-authored-by: Xtreak <tir.karthi@gmail.com>
2019-03-09 21:58:25 -05:00
Miss Islington (bot) 2edcf0a3db
bpo-33365: print the header values beside the keys (GH-6611)
with debuglevel=1 only the header keys got printed. With
this change the header values get printed as well and the single
header entries get '\n' as a separator.
(cherry picked from commit 936f03e7fa)

Co-authored-by: Marco Strigl <mstrigl@suse.com>
2018-06-19 06:52:36 -07:00
Miss Islington (bot) 53d1e9fad3
bpo-33663: Convert content length to string before putting to header (GH-7754)
(cherry picked from commit b36b0a3765)

Co-authored-by: ValeriyaSinevich <valeriya.sinevich@phystech.edu>
2018-06-18 14:37:56 -07:00
Julien Palard 4f53e2ac16
[3.7] bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195) (GH-7219)
* [3.7] bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195).
(cherry picked from commit 1cee216cf3)

* Fix whatsnew entry about ThreadedHTTPServer. (GH-7220)
(cherry picked from commit a34e424bdb)
2018-05-30 02:24:17 +02:00
Miss Islington (bot) 9fc998d761 bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)
(cherry picked from commit d5a2377c3d)

Co-authored-by: Berker Peksag <berker.peksag@gmail.com>
2018-04-23 03:58:23 +03:00
Miss Islington (bot) f8d2c3cf5f
bpo-31639: Use threads in http.server module. (GH-5018)
(cherry picked from commit 8bcfa02e4b)

Co-authored-by: Julien Palard <julien@palard.fr>
2018-03-23 13:31:20 -07:00
Christian Heimes 61d478c71c
bpo-31399: Let OpenSSL verify hostname and IP address (#3462)
bpo-31399: Let OpenSSL verify hostname and IP

The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and
X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses.

* Remove match_hostname calls
* Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host()
* Add documentation for OpenSSL 1.0.2 requirement
* Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform.
* Add hostname_checks_common_name

Signed-off-by: Christian Heimes <christian@python.org>
2018-01-27 15:51:38 +01:00
Mike 53f7a7c281 bpo-32297: Few misspellings found in Python source code comments. (#4803)
* Fix multiple typos in code comments

* Add spacing in comments (test_logging.py, test_math.py)

* Fix spaces at the beginning of comments in test_logging.py
2017-12-14 13:04:53 +02:00
Nir Soffer ad455cd924 bpo-31945: Configurable blocksize in HTTP(S)Connection (#4279)
blocksize was hardcoded to 8192, preventing efficient upload when using
file-like body. Add blocksize argument to __init__, so users can
configure the blocksize to fit their needs.

I tested this uploading data from /dev/zero to a web server dropping the
received data, to test the overhead of the HTTPConnection.send() with a
file-like object.

Here is an example 10g upload with the default buffer size (8192):

$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 17.53 seconds (584.00m/s)

real	0m17.574s
user	0m8.887s
sys	0m5.971s

Same with 512k blocksize:

$ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/
Uploaded 10.00g in 6.60 seconds (1551.15m/s)

real	0m6.641s
user	0m3.426s
sys	0m2.162s

In real world usage the difference will be smaller, depending on the
local and remote storage and the network.

See https://github.com/nirs/http-bench for more info.
2017-11-06 13:16:37 -08:00
Vitor Pereira 52ad72dd0a bpo-30553: Add status code 421 to http.HTTPStatus (GH-2589) 2017-10-26 21:49:19 +03:00
Serhiy Storchaka 13ad3b7a82 bpo-31462: Remove trailing whitespaces. (#3564) 2017-09-14 09:38:36 +03:00
Antoine Pitrou a6a4dc816d bpo-31370: Remove support for threads-less builds (#3385)
* Remove Setup.config
* Always define WITH_THREAD for compatibility.
2017-09-07 18:56:24 +02:00
Stéphane Wirtel a17a2f52c4 bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module (#1776)
* bpo-28707: call the constructor of SimpleHTTPRequestHandler in the test with a mock object

* bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module
2017-05-24 00:29:06 -07:00
remitamine a632d00a1c Remove duplicate line in Lib/http/client.py (#1665) 2017-05-19 15:28:35 +03:00
Serhiy Storchaka 7e4db2f253 bpo-30166: Import command-line parsing modules only when needed. (#1293) 2017-05-04 08:17:47 +03:00
Serhiy Storchaka 2e576f5aec bpo-30144: Import collections ABC from collections.abc rather than collections. (#1263) 2017-04-24 09:05:00 +03:00
Pierre Quentel 351adda54b bpo-29654 : Support If-Modified-Since HTTP header (browser cache) (#298)
Return 304 response if file was not modified.
2017-04-02 13:26:12 +03:00
Serhiy Storchaka cc283378d6 Issue #29192: Removed deprecated features in the http.cookies module. 2017-01-13 09:23:15 +02:00
Serhiy Storchaka 70d28a184c Remove unused imports. 2016-12-16 20:00:15 +02:00
Martin Panter e82338ddab Issue #28548: Parse HTTP request version even if too many words received 2016-11-19 01:06:37 +00:00
Martin Panter 741d4940fe Issue #23214: Remove BufferedReader.read1(-1) workaround 2016-10-21 00:52:04 +00:00
Serhiy Storchaka bd48d27944 Issue #22493: Inline flags now should be used only at the start of the
regular expression.  Deprecation warning is emitted if uses them in the
middle of the regular expression.
2016-09-11 12:50:02 +03:00
Christian Heimes d04863771b Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.
The deprecation include manual creation of SSLSocket and certfile/keyfile
(or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib.

ssl.wrap_socket() is not marked as deprecated yet.
2016-09-10 23:23:33 +02:00
Eric V. Smith 451d0e38fc Issue 27948: Allow backslashes in the literal string portion of f-strings, but not in the expressions. Also, require expressions to begin and end with literal curly braces. 2016-09-09 21:56:20 -04:00
Senthil Kumaran 10427f4485 [merge from 3.5] - Issue28010 - Make http.client.HTTPConnection.putrequest
documentation consistent with the code.
2016-09-08 14:29:23 -07:00
Senthil Kumaran 5dc504c3c9 Issue28010 - Make http.client.HTTPConnection.putrequest documentation consistent with the code. 2016-09-08 14:28:01 -07:00
Martin Panter 0be894b2f6 Issue #27895: Spelling fixes (Contributed by Ville Skyttä). 2016-09-07 12:03:06 +00:00
R David Murray 44b548dda8 #27364: fix "incorrect" uses of escape character in the stdlib.
And most of the tools.

Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and
Martin Panter.
2016-09-08 13:59:53 -04:00
Eric V. Smith 6e025608a2 Issue 27921: Remove backslash from another f-string. 2016-09-03 10:43:20 -04:00
Raymond Hettinger 15f44ab043 Issue #27895: Spelling fixes (Contributed by Ville Skyttä). 2016-08-30 10:47:49 -07:00
Martin Panter ef91bb2660 Issue #12319: Always send file request bodies using chunked encoding
The previous attempt to determine the file’s Content-Length gave a false
positive for pipes on Windows.

Also, drop the special case for sending zero-length iterable bodies.
2016-08-27 01:39:26 +00:00
Raymond Hettinger f74c33ad5c Merge 2016-08-25 21:12:16 -07:00
Raymond Hettinger 7ea386e56e Issue 19504: Change "customise" to "customize" American spelling. 2016-08-25 21:11:50 -07:00
Martin Panter 3c0d0baf2b Issue #12319: Support for chunked encoding of HTTP request bodies
When the body object is a file, its size is no longer determined with
fstat(), since that can report the wrong result (e.g. reading from a pipe).
Instead, determine the size using seek(), or fall back to chunked encoding
for unseekable files.

Also, change the logic for detecting text files to check for TextIOBase
inheritance, rather than inspecting the “mode” attribute, which may not
exist (e.g. BytesIO and StringIO).  The Content-Length for text files is no
longer determined ahead of time, because the original logic could have been
wrong depending on the codec and newline translation settings.

Patch by Demian Brecht and Rolf Krahl, with a few tweaks by me.
2016-08-24 06:33:33 +00:00
Senthil Kumaran 290b42de73 [merge from 3.5] - Issue #27466: Change time format returned by
http.cookie.time2netscape, confirming the netscape cookie format.
2016-07-10 06:49:49 -07:00
Senthil Kumaran d5b47fb8ce Issue #27466: Change time format returned by http.cookie.time2netscape,
confirming the netscape cookie format.
2016-07-10 06:45:38 -07:00
Martin Panter 40de69ac58 Issue #25738: Merge HTTP server from 3.5 2016-06-08 09:45:58 +00:00
Martin Panter e42e129ebe Issue #25738: Don’t send message body for 205 Reset Content
Patch by Susumu Koshiba.
2016-06-08 08:29:13 +00:00
Martin Panter 3e04d5b306 Issue #27076: Merge spelling from 3.5 2016-05-26 06:03:19 +00:00
Martin Panter 46f50726a0 Issue #27076: Doc, comment and tests spelling fixes
Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
2016-05-26 05:35:26 +00:00
Martin Panter 1ce738e08f Merge typo fixes from 3.5 2016-05-08 14:02:35 +00:00
Martin Panter f0564164ba Fix typos in comments, documentation and test method names 2016-05-08 13:48:10 +00:00
Berker Peksag 3a31cca4ab Issue #24902: Print server URL on http.server startup
Initial patch by Felix Kaiser.
2016-04-29 16:48:11 +03:00