author | Martin Panter <vadmium+py@gmail.com> | 2016-06-08 08:29:13 (GMT) |
---|---|---|
committer | Martin Panter <vadmium+py@gmail.com> | 2016-06-08 08:29:13 (GMT) |
commit | e42e129ebec9918adcae6f93b18bb6652f29c3fe (patch) | |
tree | 7d7de12f52be66a4e944010453b18b07197e3d7d /Lib/http | |
parent | 4e50553823c16a65d80f6734b4ac303c18640380 (diff) | |
Issue #25738: Don’t send message body for 205 Reset Content
Patch by Susumu Koshiba.
Diffstat (limited to 'Lib/http')
-rw-r--r-- | Lib/http/server.py | 30 |
1 files changed, 20 insertions, 10 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index 3bd1f7a..00620d1 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -450,20 +450,30 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
 if explain is None:
 explain = longmsg
 self.log_error("code %d, message %s", code, message)
- # using _quote_html to prevent Cross Site Scripting attacks (see bug #1100201)
- content = (self.error_message_format %
- {'code': code, 'message': _quote_html(message), 'explain': _quote_html(explain)})
- body = content.encode('UTF-8', 'replace')
 self.send_response(code, message)
- self.send_header("Content-Type", self.error_content_type)
 self.send_header('Connection', 'close')
- self.send_header('Content-Length', int(len(body)))
+
+ # Message body is omitted for cases described in:
+ # - RFC7230: 3.3. 1xx, 204(No Content), 304(Not Modified)
+ # - RFC7231: 6.3.6. 205(Reset Content)
+ body = None
+ if (code >= 200 and
+ code not in (HTTPStatus.NO_CONTENT,
+ HTTPStatus.RESET_CONTENT,
+ HTTPStatus.NOT_MODIFIED)):
+ # HTML encode to prevent Cross Site Scripting attacks
+ # (see bug #1100201)
+ content = (self.error_message_format % {
+ 'code': code,
+ 'message': _quote_html(message),
+ 'explain': _quote_html(explain)
+ })
+ body = content.encode('UTF-8', 'replace')
+ self.send_header("Content-Type", self.error_content_type)
+ self.send_header('Content-Length', int(len(body)))
 self.end_headers()
- if (self.command != 'HEAD' and
- code >= 200 and
- code not in (
- HTTPStatus.NO_CONTENT, HTTPStatus.NOT_MODIFIED)):
+ if self.command != 'HEAD' and body:
 self.wfile.write(body)
 def send_response(self, code, message=None):
|
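Review bot: The relocated comment `# HTML encode to prevent Cross Site Scripting attacks` covers only the body built inside the new `if` branch; the same `message` is handed unescaped to `self.log_error(...)` and `self.send_response(code, message)` a few lines earlier, and after this change those are the only places it goes for 204, 205 and 304. If a caller can pass a message containing CR or LF, the escaping here does nothing for the status line or the log entry, though how `send_response` encodes the reason phrase is not visible in this hunk. I would extend the comment to say so, e.g. `# Escapes the HTML body only; message also reaches send_response() and log_error() as passed`, so that subclass authors do not read it as covering the whole response. The enclosing method starts above the hunk, so any validation done on `message` before this point is not visible here.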