summaryrefslogtreecommitdiffstats
path: root/Lib/http/server.py
Commit message (Collapse)AuthorAgeFilesLines
* [3.8] gh-104049: do not expose on-disk location from ↵Miss Islington (bot)2023-05-221-1/+1
| | | | | | | | | | | SimpleHTTPRequestHandler (GH-104067) (#104121) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) (cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a) Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* [3.8] gh-100001: Omit control characters in http.server stderr logs. ↵Miss Islington (bot)2022-12-061-1/+11
| | | | | | | | | | | | | | | | (GH-100002) (#100033) * gh-100001: Omit control characters in http.server stderr logs. (GH-100002) Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to. (cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828) Co-authored-by: Gregory P. Smith <greg@krypto.org> * also escape \s (backport of PR #100038). * add versionadded and remove extraneous 'to' Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879) ↵Miss Islington (bot)2022-06-221-0/+7
| | | | | | | | | | | | | (GH-94094) Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* bpo-38907: Suppress any exception when attempting to set V6ONLY. (GH-17864) ↵Miss Islington (bot)2020-01-061-1/+5
| | | | | | | | | | | (GH-17865) Fixes error attempting to bind to IPv4 address. (cherry picked from commit 7cdc31a14c824000cbe8b487900c9826a33f6940) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* bpo-38907: In http.server script, restore binding to IPv4 on Windows. ↵Miss Islington (bot)2020-01-061-1/+13
| | | | | | | | | | (GH-17851) (#17854) (cherry picked from commit ee94bdb0598f9bc47d6a49e58fffc97aa617be96) Co-authored-by: Jason R. Coombs <jaraco@jaraco.com> Co-authored-by: Jason R. Coombs <jaraco@jaraco.com>
* bpo-24209: In http.server script, rely on getaddrinfo to bind to preferred ↵Jason R. Coombs2019-02-071-10/+20
| | | | | | | address based on the bind parameter. (#11767) In http.server script, rely on getaddrinfo to bind to preferred address based on the bind parameter. As a result, now IPv6 is used as the default (including IPv4 on dual-stack systems). Enhanced tests.
* bpo-34711: Return HTTPStatus.NOT_FOUND if path.endswith('/') and not a ↵Michael Felt2018-12-261-0/+8
| | | | | | | | | | directory (GH-9687) AIX allows a trailing slash on local file system paths, which isn't what we want in http.server. Accordingly, check explicitly for this case in the server code, rather than relying on the OS raising an exception. Patch by Michael Felt.
* Adds IPv6 support when invoking http.server directly. (GH-10595)Lisa Roach2018-11-261-0/+3
|
* bpo-33663: Convert content length to string before putting to header (GH-7754)ValeriyaSinevich2018-06-181-1/+1
|
* bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195)Géry Ogam2018-05-291-3/+3
|
* bpo-31639: Use threads in http.server module. (GH-5018)Julien Palard2018-03-231-2/+7
|
* bpo-31462: Remove trailing whitespaces. (#3564)Serhiy Storchaka2017-09-141-2/+2
|
* bpo-28707: Add the directory parameter to ↵Stéphane Wirtel2017-05-241-2/+13
| | | | | | | | http.server.SimpleHTTPRequestHandler and http.server module (#1776) * bpo-28707: call the constructor of SimpleHTTPRequestHandler in the test with a mock object * bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module
* bpo-30166: Import command-line parsing modules only when needed. (#1293)Serhiy Storchaka2017-05-041-1/+2
|
* bpo-29654 : Support If-Modified-Since HTTP header (browser cache) (#298)Pierre Quentel2017-04-021-4/+35
| | | | Return 304 response if file was not modified.
* Issue #28548: Parse HTTP request version even if too many words receivedMartin Panter2016-11-191-15/+18
|
* Issue #25738: Merge HTTP server from 3.5Martin Panter2016-06-081-13/+20
|\
| * Issue #25738: Don’t send message body for 205 Reset ContentMartin Panter2016-06-081-10/+20
| | | | | | | | Patch by Susumu Koshiba.
* | Issue #24902: Print server URL on http.server startupBerker Peksag2016-04-291-1/+2
| | | | | | | | Initial patch by Felix Kaiser.
* | Issue #26657: Merge http.server fix from 3.5Martin Panter2016-04-181-3/+3
|\ \ | |/
| * Issue #26657: Fix Windows directory traversal vulnerability with http.serverMartin Panter2016-04-181-3/+3
| | | | | | | | | | Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47.
* | Issue #26404: Add context manager to socketserver, by Aviv PalivodaMartin Panter2016-04-131-10/+8
| |
* | Issue #26585: Eliminate _quote_html() and use html.escape(quote=False)Martin Panter2016-04-111-8/+8
| | | | | | | | Patch by Xiang Zhang.
* | Issue #26586: Simple enhancements to BaseHTTPRequestHandler by Xiang ZhangMartin Panter2016-04-031-15/+13
| |
* | Issue #26586: Merge excessive HTTP header handling from 3.5Martin Panter2016-04-031-0/+7
|\ \ | |/
| * Issue #26586: Handle excessive header fields in http.server, by Xiang ZhangMartin Panter2016-04-031-0/+7
| |
* | Issue #747320: Use email.utils.formatdate() to avoid code duplicationBerker Peksag2016-03-141-6/+2
|/ | | | | | in BaseHTTPRequestHandler Initial patch by karlcow.
* Merge typo fixes from 3.4 into 3.5Martin Panter2015-10-071-1/+1
|\
| * Various minor typos in documentation and commentsMartin Panter2015-10-071-1/+1
| |
* | Issues #25232, #24657: Merge two CGI server fixes from 3.4 into 3.5Martin Panter2015-10-031-9/+10
|\ \ | |/
| * Issue #24657: Prevent CGIRequestHandler from collapsing the URL queryMartin Panter2015-10-031-4/+9
| | | | | | | | | | Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc string.
| * Issue #25232: Fix CGIRequestHandler's splitting of URL queryMartin Panter2015-10-031-5/+1
| | | | | | | | Patch from Xiang Zhang.
* | Issue #24774: Fix docstring in http.server.test.Robert Collins2015-08-171-2/+1
|\ \ | |/ | | | | Patch from Chiu-Hsiang Hsu.
| * Issue #24774: Fix docstring in http.server.test.Robert Collins2015-08-171-2/+1
| | | | | | | | Patch from Chiu-Hsiang Hsu.
* | Issue #21793: BaseHTTPRequestHandler again logs response code as numeric,Serhiy Storchaka2015-03-071-1/+2
| | | | | | | | not as stringified enum. Patch by Demian Brecht.
* | merge 3.4 (#23410)Benjamin Peterson2015-02-181-10/+10
|\ \ | |/
| * document the requestline and close_connection attributes, use real booleans, ↵Benjamin Peterson2015-02-181-10/+10
| | | | | | | | | | | | and add tests (closes #23410) Patch by Martin Panter.
* | Issue #23418: Add missing entries to http.server.__all__.Berker Peksag2015-02-131-1/+4
|\ \ | |/ | | | | Patch by Martin Panter.
| * Issue #23418: Add missing entries to http.server.__all__.Berker Peksag2015-02-131-1/+4
| | | | | | | | Patch by Martin Panter.
* | merge 3.4 (#23112)Benjamin Peterson2014-12-261-2/+6
|\ \ | |/
| * fix behavior of trailing slash redirection when a query string is involved ↵Benjamin Peterson2014-12-261-2/+6
| | | | | | | | (closes #23112)
* | Issue #21793: Added http.HTTPStatus enums (i.e. HTTPStatus.OK,Serhiy Storchaka2014-12-231-99/+54
|/ | | | HTTPStatus.NOT_FOUND). Patch by Demian Brecht.
* Issue #22165: SimpleHTTPRequestHandler now supports undecodable file names.Serhiy Storchaka2014-08-171-4/+15
|
* Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,Ned Deily2014-07-131-5/+5
|\ | | | | | | broken by the fix for security issue #19435. Patch by Zach Byrne.
| * Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,Ned Deily2014-07-131-5/+5
| |\ | | | | | | | | | broken by the fix for security issue #19435. Patch by Zach Byrne.
| | * Issue #21323: Fix http.server to again handle scripts in CGI subdirectories,Ned Deily2014-07-131-5/+5
| | | | | | | | | | | | broken by the fix for security issue #19435. Patch by Zach Byrne.
* | | merge 3.3 (#21766)Benjamin Peterson2014-06-151-1/+1
|\ \ \ | |/ /
| * | merge 3.2 (#21766)Benjamin Peterson2014-06-151-1/+1
| |\ \ | | |/
| | * url unquote the path before checking if it refers to a CGI script (closes ↵Benjamin Peterson2014-06-151-1/+1
| | | | | | | | | | | | #21766)
* | | Issue #20976: pyflakes: Remove unused importsVictor Stinner2014-03-201-2/+0
| | |
generated by cgit v0.12 at 2025-12-26 23:32:03 (GMT)