summaryrefslogtreecommitdiffstats
path: root/Lib/http
Commit message (Collapse)AuthorAgeFilesLines
* [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override ↵Jason R. Coombs2019-10-081-11/+21
| | | | | | validation and encoding behavior (GH-16448) (#16475) * [3.5] bpo-38216, bpo-36274: Allow subclasses to separately override validation and encoding behavior (GH-16448)
* bpo-30458: Disallow control chars in http URLs. (GH-12755) (#13207)Miro Hrončok2019-07-141-0/+16
| | | | | | | | | | Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected. Disable https related urllib tests on a build without ssl (GH-13032) These tests require an SSL enabled build. Skip these tests when python is built without SSL to fix test failures. Use http.client.InvalidURL instead of ValueError as the new error case's exception. (GH-13044) Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
* [3.5] bpo-35121: prefix dot in domain for proper subdomain validation ↵Xtreak2019-03-171-2/+11
| | | | | | | | (GH-10258) (#12281) Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan. (cherry picked from commit ca7fe5063593958e5efdf90f068582837f07bd14) Co-authored-by: Xtreak <tir.karthi@gmail.com>
* bpo-35647: Fix path check in cookiejar (#11436) (#12277)Xtreak2019-03-161-5/+9
| | | | | | | | | | | | | * Refactor cookie path check as per RFC 6265 * Add tests for prefix match of path * Add news entry * Fix set_ok_path and refactor tests * Use slice for last letter (cherry picked from commit 0e1f1f01058bd4a9b98cfe443214adecc019a38c)
* Issue28010 - Make http.client.HTTPConnection.putrequest documentation ↵Senthil Kumaran2016-09-081-1/+2
| | | | consistent with the code.
* Issue #27895: Spelling fixes (Contributed by Ville Skyttä).Martin Panter2016-09-071-1/+1
|
* Issue 19504: Change "customise" to "customize" American spelling.Raymond Hettinger2016-08-261-1/+1
|
* Issue #27466: Change time format returned by http.cookie.time2netscape,Senthil Kumaran2016-07-101-1/+1
| | | | confirming the netscape cookie format.
* Issue #25738: Don’t send message body for 205 Reset ContentMartin Panter2016-06-081-10/+20
| | | | Patch by Susumu Koshiba.
* Issue #27076: Doc, comment and tests spelling fixesMartin Panter2016-05-261-1/+1
| | | | Most fixes to Doc/ and Lib/ directories by Ville Skyttä.
* Fix typos in comments, documentation and test method namesMartin Panter2016-05-081-1/+1
|
* Issue #26657: Fix Windows directory traversal vulnerability with http.serverMartin Panter2016-04-181-3/+3
| | | | | Based on patch by Philipp Hagemeister. This fixes a regression caused by revision f4377699fd47.
* Fix typos in documentation and commentsMartin Panter2016-04-051-1/+1
|
* Issue #26586: Handle excessive header fields in http.server, by Xiang ZhangMartin Panter2016-04-031-0/+7
|
* Issue #26499: Fixes to HTTPResponse.readline() and read1(), by Silent GhostMartin Panter2016-03-171-0/+8
|
* Issue #16181: cookiejar.http2time() now returns None if year is higher than ↵Berker Peksag2016-03-141-1/+4
| | | | datetime.MAXYEAR
* Issue #26302: Correctly identify comma as an invalid character for a cookie ↵Anish Shah2016-02-071-1/+1
| | | | (correcting regression in Python 3.5).
* Issue #26045: Add UTF-8 suggestion to error in http.clientMartin Panter2016-02-091-1/+16
| | | | Based on patch by Guido van Rossum.
* Merge typo and grammar fixes from 3.4 into 3.5Martin Panter2015-11-141-4/+4
|\
| * Correct Content-Type syntax in documentationMartin Panter2015-11-141-4/+4
| |
* | Issue #25523: Merge a-to-an corrections from 3.4.Serhiy Storchaka2015-11-021-1/+1
|\ \ | |/
| * Issue #25523: Further a-to-an corrections.Serhiy Storchaka2015-11-021-1/+1
| |
* | Merge typo fixes from 3.4 into 3.5Martin Panter2015-10-071-1/+1
|\ \ | |/
| * Various minor typos in documentation and commentsMartin Panter2015-10-071-1/+1
| |
* | Issues #25232, #24657: Merge two CGI server fixes from 3.4 into 3.5Martin Panter2015-10-031-9/+10
|\ \ | |/
| * Issue #24657: Prevent CGIRequestHandler from collapsing the URL queryMartin Panter2015-10-031-4/+9
| | | | | | | | | | Initial patch from Xiang Zhang. Also fix out-of-date _url_collapse_path() doc string.
| * Issue #25232: Fix CGIRequestHandler's splitting of URL queryMartin Panter2015-10-031-5/+1
| | | | | | | | Patch from Xiang Zhang.
* | Issue #24774: Fix docstring in http.server.test.Robert Collins2015-08-171-2/+1
|\ \ | |/ | | | | Patch from Chiu-Hsiang Hsu.
| * Issue #24774: Fix docstring in http.server.test.Robert Collins2015-08-171-2/+1
| | | | | | | | Patch from Chiu-Hsiang Hsu.
* | Issue #23888: Handle fractional time in cookie expiry. Patch by ssh.Robert Collins2015-08-031-1/+1
|\ \ | |/
| * Issue #23888: Handle fractional time in cookie expiry. Patch by ssh.Robert Collins2015-08-031-1/+1
| |
* | merge 3.4 (#22931)Benjamin Peterson2015-05-231-3/+4
|\ \ | |/
| * merge 3.3 (#22931)Benjamin Peterson2015-05-231-3/+4
| |\
| | * merge 3.2 (#22931)Benjamin Peterson2015-05-231-3/+4
| | |\
| | | * allow square brackets in cookie values (closes #22931)Benjamin Peterson2015-05-231-3/+4
| | | |
| | | * Lax cookie parsing in http.cookies could be a security issue when combinedAntoine Pitrou2014-09-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | with non-standard cookie handling in some Web browsers. Reported by Sergey Bobrov.
| | | * Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more thanGeorg Brandl2014-09-301-0/+4
| | | | | | | | | | | | | | | | 100 headers are read. Adapted from patch by Jyrki Pulliainen.
* | | | Issue #23865: close() methods in multiple modules now are idempotent and moreSerhiy Storchaka2015-04-101-9/+15
|\ \ \ \ | |/ / / | | | | | | | | | | | | robust at shutdown. If needs to release multiple resources, they are released even if errors are occured.
| * | | Issue #23865: close() methods in multiple modules now are idempotent and moreSerhiy Storchaka2015-04-101-9/+15
| | | | | | | | | | | | | | | | | | | | robust at shutdown. If needs to release multiple resources, they are released even if errors are occured.
* | | | #3566: Clean up handling of remote server disconnects.R David Murray2015-04-051-7/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changeset does two things: introduces a new RemoteDisconnected exception (that subclasses ConnectionResetError and BadStatusLine) so that a remote server disconnection can be detected by client code (and provides a better error message for debugging purposes), and ensures that the client socket is closed if a ConnectionError happens, so that the automatic re-connection code can work if the application handles the error and continues on. Tests are added that confirm that a connection is re-used or not re-used as appropriate to the various combinations of protocol version and headers. Patch by Martin Panter, reviewed by Demian Brecht. (Tweaked only slightly by me.)
* | | | Issue #22831: Use "with" to avoid possible fd leaks.Serhiy Storchaka2015-04-041-1/+0
| | | |
* | | | #2211: properly document the Morsel behavior changes.R David Murray2015-03-291-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Also deprecate the undocumented set argument instead of removing it already in 3.5. Initial patch by Demian Brecht.
* | | | Merge: #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None.R David Murray2015-03-221-13/+24
|\ \ \ \ | |/ / /
| * | | #23539: Set Content-Length to 0 for PUT, POST, and PATCH if body is None.R David Murray2015-03-221-13/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some http servers will reject PUT, POST, and PATCH requests if they do not have a Content-Length header. Patch by James Rutherford, with additional cleaning up of the 'request' documentation by me.
* | | | Restored backward compatibility of pickling http.cookies.Morsel. It wasSerhiy Storchaka2015-03-181-0/+12
| | | | | | | | | | | | | | | | broken after converting instance attributes to properies in issue #2211.
* | | | Issue #2211: Updated the implementation of the http.cookies.Morsel class.Serhiy Storchaka2015-03-181-86/+94
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting attributes key, value and coded_value directly now is deprecated. update() and setdefault() now transform and check keys. Comparing for equality now takes into account attributes key, value and coded_value. copy() now returns a Morsel, not a dict. repr() now contains all attributes. Optimized checking keys and quoting values. Added new tests. Original patch by Demian Brecht.
* | | | Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.Serhiy Storchaka2015-03-131-15/+31
|\ \ \ \ | |/ / / | | | | | | | | Patch by Demian Brecht.
| * | | Issue #23138: Fixed parsing cookies with absent keys or values in cookiejar.Serhiy Storchaka2015-03-131-15/+31
| | | | | | | | | | | | | | | | Patch by Demian Brecht.
* | | | Issue #22928: Disabled HTTP header injections in http.client.Serhiy Storchaka2015-03-121-0/+37
|\ \ \ \ | |/ / / | | | | | | | | Original patch by Demian Brecht.
| * | | Issue #22928: Disabled HTTP header injections in http.client.Serhiy Storchaka2015-03-121-0/+37
| | | | | | | | | | | | | | | | Original patch by Demian Brecht.
generated by cgit v0.12 at 2026-01-02 11:40:30 (GMT)