summaryrefslogtreecommitdiffstats
path: root/Lib/http/server.py
Commit message (Collapse)AuthorAgeFilesLines
* [3.10] gh-104049: do not expose on-disk location from ↵Miss Islington (bot)2023-05-091-1/+1
| | | | | | | | | | | | | | | SimpleHTTPRequestHandler (GH-104067) (#104119) gh-104049: do not expose on-disk location from SimpleHTTPRequestHandler (GH-104067) Do not expose the local server's on-disk location from `SimpleHTTPRequestHandler` when generating a directory index. (unnecessary information disclosure) --------- (cherry picked from commit c7c3a60c88de61a79ded9fdaf6bc6a29da4efb9a) Co-authored-by: Ethan Furman <ethan@stoneleaf.us> Co-authored-by: Gregory P. Smith <greg@krypto.org> Co-authored-by: Jelle Zijlstra <jelle.zijlstra@gmail.com>
* [3.10] gh-100474: Fix handling of dirs named index.html in http.server ↵Miss Islington (bot)2022-12-241-1/+1
| | | | | (GH-100504) Co-authored-by: James Frost <git@frost.cx>
* gh-100001: Also escape \s in http.server log messages. (GH-100038)Miss Islington (bot)2022-12-051-0/+1
| | | | | | | | | | Also \ escape \s in the http.server BaseHTTPRequestHandler.log_message so that it is technically possible to parse the line and reconstruct what the original data was. Without this a \xHH is ambiguious as to if it is a hex replacement we put in or the characters r"\x" came through in the original request line. (cherry picked from commit 7e29398407dbd53b714702abb89aa2fd7baca48a) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-100001: Omit control characters in http.server stderr logs. (GH-100002)Miss Islington (bot)2022-12-051-1/+10
| | | | | | Replace control characters in http.server.BaseHTTPRequestHandler.log_message with an escaped \xHH sequence to avoid causing problems for the terminal the output is printed to. (cherry picked from commit d8ab0a4dfa48f881b4ac9ab857d2e9de42f72828) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* gh-87389: Fix an open redirection vulnerability in http.server. (GH-93879)Miss Islington (bot)2022-06-211-0/+7
| | | | | | | | | | | Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` that could produce a 301 Location header with a misleading target. Vulnerability discovered, and logic fix proposed, by Hamza Avvan (@hamzaavvan). Test and comments authored by Gregory P. Smith [Google]. (cherry picked from commit 4abab6b603dd38bec1168e9a37c40a48ec89508e) Co-authored-by: Gregory P. Smith <greg@krypto.org>
* bpo-46436: Fix command-line option -d/--directory in module http.server ↵Miss Islington (bot)2022-02-141-13/+14
| | | | | | | | | | | | | (GH-30701) Fix command-line option -d/--directory in http.server main function that was ignored when combined with --cgi. Automerge-Triggered-By: GH:merwok (cherry picked from commit 2d080347d74078a55c47715d232d1ab8dc8cd603) Co-authored-by: Géry Ogam <gery.ogam@gmail.com> Co-authored-by: Géry Ogam <gery.ogam@gmail.com>
* bpo-43972: Set content-length to 0 for http.server.SimpleHTTPRequestHandler ↵Miss Islington (bot)2021-05-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | 301s (GH-25705) * Set content-length for simple http server 301s When http.server.SimpleHTTPRequestHandler sends a 301 (Moved Permanently) due to a missing file, it does not set a Content-Length of 0. Unfortunately, certain clients can be left waiting for the connection to be closed in this circumstance, even though no body will be sent. At time of writing, both curl and Firefox demonstrate this behavior. * Test Content-Length on simple http server redirect When serving a redirect, the SimpleHTTPRequestHandler will now send `Content-Length: 0`. Several tests for http.server already cover various behaviors and checks including redirection. This change only adds one check for the expected Content-Length on the simplest case for a redirect. * Add news entry for SimpleHTTPRequestHandler fix * Clarify the specific kind of 301 Co-authored-by: Senthil Kumaran <skumaran@gatech.edu> (cherry picked from commit fb427255614fc1f740e7785554c1da8ca39116c2) Co-authored-by: Stephen Rosen <sirosen@globus.org>
* GH-5054: CGIHTTPRequestHandler.run_cgi() HTTP_ACCEPT improperly parsed (#23638)Senthil Kumaran2020-12-051-6/+1
|
* Remove the conditional for setting query. (#23604)Senthil Kumaran2020-12-031-2/+1
|
* bpo-42413: socket.timeout is now an alias of TimeoutError (GH-23413)Christian Heimes2020-11-201-1/+1
| | | Signed-off-by: Christian Heimes <christian@python.org>
* bpo-40094: CGIHTTPRequestHandler logs exit code (GH-19285)Victor Stinner2020-04-021-2/+3
| | | | | | | CGIHTTPRequestHandler of http.server now logs the CGI script exit code, rather than the CGI script exit status of os.waitpid(). For example, if the script is killed by signal 11, it now logs: "CGI script exit code -11."
* bpo-35292: Avoid calling mimetypes.init when http.server is imported (GH-17822)An Long2020-01-081-13/+10
|
* bpo-38907: Suppress any exception when attempting to set V6ONLY. (GH-17864)Jason R. Coombs2020-01-061-1/+5
| | | Fixes error attempting to bind to IPv4 address.
* bpo-38907: In http.server script, restore binding to IPv4 on Windows. (GH-17851)Jason R. Coombs2020-01-061-1/+13
|
* bpo-38863: Improve is_cgi() in http.server (GH-17312)Siwon Kang2019-11-221-2/+4
| | | | | | | | | | | | | | | | | | | is_cgi() function of http.server library does not currently handle a cgi script if one of the cgi_directories is located at the sub-directory of given path. Since is_cgi() in CGIHTTPRequestHandler class separates given path into (dir, rest) based on the first seen '/', multi-level directories like /sub/dir/cgi-bin/hello.py is divided into head=/sub, rest=dir/cgi-bin/hello.py then check whether '/sub' exists in cgi_directories = [..., '/sub/dir/cgi-bin']. This patch makes the is_cgi() keep expanding dir part to the next '/' then checking if that expanded path exists in the cgi_directories. Signed-off-by: Siwon Kang <kkangshawn@gmail.com> https://bugs.python.org/issue38863
* bpo-35640: Allow passing PathLike arguments to SimpleHTTPRequestHandler ↵Géry Ogam2019-09-111-1/+1
| | | | (GH-11398)
* bpo-24209: In http.server script, rely on getaddrinfo to bind to preferred ↵Jason R. Coombs2019-02-071-10/+20
| | | | | | | address based on the bind parameter. (#11767) In http.server script, rely on getaddrinfo to bind to preferred address based on the bind parameter. As a result, now IPv6 is used as the default (including IPv4 on dual-stack systems). Enhanced tests.
* bpo-34711: Return HTTPStatus.NOT_FOUND if path.endswith('/') and not a ↵Michael Felt2018-12-261-0/+8
| | | | | | | | | | directory (GH-9687) AIX allows a trailing slash on local file system paths, which isn't what we want in http.server. Accordingly, check explicitly for this case in the server code, rather than relying on the OS raising an exception. Patch by Michael Felt.
* Adds IPv6 support when invoking http.server directly. (GH-10595)Lisa Roach2018-11-261-0/+3
|
* bpo-33663: Convert content length to string before putting to header (GH-7754)ValeriyaSinevich2018-06-181-1/+1
|
* bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195)Géry Ogam2018-05-291-3/+3
|
* bpo-31639: Use threads in http.server module. (GH-5018)Julien Palard2018-03-231-2/+7
|
* bpo-31462: Remove trailing whitespaces. (#3564)Serhiy Storchaka2017-09-141-2/+2
|
* bpo-28707: Add the directory parameter to ↵Stéphane Wirtel2017-05-241-2/+13
| | | | | | | | http.server.SimpleHTTPRequestHandler and http.server module (#1776) * bpo-28707: call the constructor of SimpleHTTPRequestHandler in the test with a mock object * bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module
* bpo-30166: Import command-line parsing modules only when needed. (#1293)Serhiy Storchaka2017-05-041-1/+2
|
* bpo-29654 : Support If-Modified-Since HTTP header (browser cache) (#298)Pierre Quentel2017-04-021-4/+35
| | | | Return 304 response if file was not modified.
* Issue #28548: Parse HTTP request version even if too many words receivedMartin Panter2016-11-191-15/+18
|
* Issue #25738: Merge HTTP server from 3.5Martin Panter2016-06-081-13/+20
|\
| * Issue #25738: Don’t send message body for 205 Reset ContentMartin Panter2016-06-081-10/+20
| | | | | | | | Patch by Susumu Koshiba.
* | Issue #24902: Print server URL on http.server startupBerker Peksag2016-04-291-1/+2
| | | | | | | | Initial patch by Felix Kaiser.
* | Issue #26657: Merge http.server fix from 3.5Martin Panter2016-04-181-3/+3
|\ \ | |/
| * Issue #26657: Fix Windows directory traversal vulnerability with http.serverMartin Panter2016-04-181-3/+3
| | | | | | | | | | Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47.
* | Issue #26404: Add context manager to socketserver, by Aviv PalivodaMartin Panter2016-04-131-10/+8
| |
* | Issue #26585: Eliminate _quote_html() and use html.escape(quote=False)Martin Panter2016-04-111-8/+8
| | | | | | | | Patch by Xiang Zhang.
* | Issue #26586: Simple enhancements to BaseHTTPRequestHandler by Xiang ZhangMartin Panter2016-04-031-15/+13
| |
* | Issue #26586: Merge excessive HTTP header handling from 3.5Martin Panter2016-04-031-0/+7
|\ \ | |/
| * Issue #26586: Handle excessive header fields in http.server, by Xiang ZhangMartin Panter2016-04-031-0/+7
| |
* | Issue #747320: Use email.utils.formatdate() to avoid code duplicationBerker Peksag2016-03-141-6/+2
|/ | | | | | in BaseHTTPRequestHandler Initial patch by karlcow.
* Merge typo fixes from 3.4 into 3.5Martin Panter2015-10-071-1/+1
|\
| * Various minor typos in documentation and commentsMartin Panter2015-10-071-1/+1
| |
* | Issues #25232, #24657: Merge two CGI server fixes from 3.4 into 3.5Martin Panter2015-10-031-9/+10
|\ \ | |/
| * Issue #24657: Prevent CGIRequestHandler from collapsing the URL queryMartin Panter2015-10-031-4/+9
| | | | | | | | | | Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc string.
| * Issue #25232: Fix CGIRequestHandler's splitting of URL queryMartin Panter2015-10-031-5/+1
| | | | | | | | Patch from Xiang Zhang.
* | Issue #24774: Fix docstring in http.server.test.Robert Collins2015-08-171-2/+1
|\ \ | |/ | | | | Patch from Chiu-Hsiang Hsu.
| * Issue #24774: Fix docstring in http.server.test.Robert Collins2015-08-171-2/+1
| | | | | | | | Patch from Chiu-Hsiang Hsu.
* | Issue #21793: BaseHTTPRequestHandler again logs response code as numeric,Serhiy Storchaka2015-03-071-1/+2
| | | | | | | | not as stringified enum. Patch by Demian Brecht.
* | merge 3.4 (#23410)Benjamin Peterson2015-02-181-10/+10
|\ \ | |/
| * document the requestline and close_connection attributes, use real booleans, ↵Benjamin Peterson2015-02-181-10/+10
| | | | | | | | | | | | and add tests (closes #23410) Patch by Martin Panter.
* | Issue #23418: Add missing entries to http.server.__all__.Berker Peksag2015-02-131-1/+4
|\ \ | |/ | | | | Patch by Martin Panter.
| * Issue #23418: Add missing entries to http.server.__all__.Berker Peksag2015-02-131-1/+4
| | | | | | | | Patch by Martin Panter.
generated by cgit v0.12 at 2024-12-01 02:12:48 (GMT)