summaryrefslogtreecommitdiffstats
path: root/Lib/http
Commit message (Collapse)AuthorAgeFilesLines
* bpo-36793: Remove unneeded __str__ definitions. (GH-13081)Serhiy Storchaka2019-05-061-2/+1
| | | | Classes that define __str__ the same as __repr__ can just inherit it from object.
* bpo-30458: Use InvalidURL instead of ValueError. (GH-13044)Gregory P. Smith2019-05-011-1/+1
| | | Use http.client.InvalidURL instead of ValueError as the new error case's exception.
* bpo-30458: Disallow control chars in http URLs. (GH-12755)Gregory P. Smith2019-05-011-0/+14
| | | Disallow control chars in http URLs in urllib.urlopen. This addresses a potential security problem for applications that do not sanity check their URLs where http request headers could be injected.
* bpo-36050: optimize HTTPResponse.read() (GH-12698)Inada Naoki2019-04-061-32/+10
| | | | * No need to chunking for now. * No need to partial read caused by EINTR for now.
* bpo-36522: Print all values for headers with multiple values. (GH-12681)Matt Houglum2019-04-041-2/+2
|
* bpo-35647: Fix path check in cookiejar (#11436)Xtreak2019-03-101-5/+9
| | | | | | | | | | | | * Refactor cookie path check as per RFC 6265 * Add tests for prefix match of path * Add news entry * Fix set_ok_path and refactor tests * Use slice for last letter
* bpo-35121: prefix dot in domain for proper subdomain validation (GH-10258)Xtreak2019-03-101-2/+11
| | | Don't send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with `http.cookiejar.DefaultCookiePolicy` policy. Patch by Karthikeyan Singaravelan.
* bpo-36043: FileCookieJar supports os.PathLike (GH-11945)Stéphane Wirtel2019-03-011-4/+2
| | | https://bugs.python.org/issue36043
* bpo-24209: In http.server script, rely on getaddrinfo to bind to preferred ↵Jason R. Coombs2019-02-071-10/+20
| | | | | | | address based on the bind parameter. (#11767) In http.server script, rely on getaddrinfo to bind to preferred address based on the bind parameter. As a result, now IPv6 is used as the default (including IPv4 on dual-stack systems). Enhanced tests.
* bpo-34711: Return HTTPStatus.NOT_FOUND if path.endswith('/') and not a ↵Michael Felt2018-12-261-0/+8
| | | | | | | | | | directory (GH-9687) AIX allows a trailing slash on local file system paths, which isn't what we want in http.server. Accordingly, check explicitly for this case in the server code, rather than relying on the OS raising an exception. Patch by Michael Felt.
* Adds IPv6 support when invoking http.server directly. (GH-10595)Lisa Roach2018-11-261-0/+3
|
* bpo-34911: Added support for secure websocket cookies (GH-9734)Paul Bailey2018-10-081-1/+3
|
* bpo-33365: print the header values beside the keys (GH-6611)Marco Strigl2018-06-191-1/+1
| | | | | with debuglevel=1 only the header keys got printed. With this change the header values get printed as well and the single header entries get '\n' as a separator.
* bpo-33663: Convert content length to string before putting to header (GH-7754)ValeriyaSinevich2018-06-181-1/+1
|
* bpo-31639: Change ThreadedHTTPServer to ThreadingHTTPServer class name (GH-7195)Géry Ogam2018-05-291-3/+3
|
* bpo-991266: Fix quoting of Comment attribute of SimpleCookie (GH-6555)Berker Peksag2018-04-221-0/+2
|
* Removed a confusing line from a docstring in http.cookies (GH-6482)Alex Gaynor2018-04-151-2/+1
| | | There's no reason a cookie should _ever_ contain pickled data. That's just asking for a critical security vulnerability. Back in Python2 there were helpers for doing that, but they're no more in Python3. Now coded_value is used when the value needs to be encoded for any reason.
* bpo-29613: Added support for SameSite cookies (GH-6413)Alex Gaynor2018-04-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * bpo-29613: Added support for SameSite cookies Implemented as per draft https://tools.ietf.org/html/draft-west-first-party-cookies-07 * Documented SameSite And suggestions by members. * Missing space :( * Updated News and contributors * Added version changed details. * Fix in documentation * fix in documentation * Clubbed test cases for same attribute into single. * Updates * Style nits + expand tests * review feedback
* bpo-31639: Use threads in http.server module. (GH-5018)Julien Palard2018-03-231-2/+7
|
* bpo-31399: Let OpenSSL verify hostname and IP address (#3462)Christian Heimes2018-01-271-8/+2
| | | | | | | | | | | | | | | bpo-31399: Let OpenSSL verify hostname and IP The ssl module now uses OpenSSL's X509_VERIFY_PARAM_set1_host() and X509_VERIFY_PARAM_set1_ip() API to verify hostname and IP addresses. * Remove match_hostname calls * Check for libssl with set1_host, libssl must provide X509_VERIFY_PARAM_set1_host() * Add documentation for OpenSSL 1.0.2 requirement * Don't support OpenSSL special mode with a leading dot, e.g. ".example.org" matches "www.example.org". It's not standard conform. * Add hostname_checks_common_name Signed-off-by: Christian Heimes <christian@python.org>
* bpo-32297: Few misspellings found in Python source code comments. (#4803)Mike2017-12-141-1/+1
| | | | | | | | * Fix multiple typos in code comments * Add spacing in comments (test_logging.py, test_math.py) * Fix spaces at the beginning of comments in test_logging.py
* bpo-31945: Configurable blocksize in HTTP(S)Connection (#4279)Nir Soffer2017-11-061-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | blocksize was hardcoded to 8192, preventing efficient upload when using file-like body. Add blocksize argument to __init__, so users can configure the blocksize to fit their needs. I tested this uploading data from /dev/zero to a web server dropping the received data, to test the overhead of the HTTPConnection.send() with a file-like object. Here is an example 10g upload with the default buffer size (8192): $ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/ Uploaded 10.00g in 17.53 seconds (584.00m/s) real 0m17.574s user 0m8.887s sys 0m5.971s Same with 512k blocksize: $ time ~/src/cpython/release/python upload-httplib.py 10 https://localhost:8000/ Uploaded 10.00g in 6.60 seconds (1551.15m/s) real 0m6.641s user 0m3.426s sys 0m2.162s In real world usage the difference will be smaller, depending on the local and remote storage and the network. See https://github.com/nirs/http-bench for more info.
* bpo-30553: Add status code 421 to http.HTTPStatus (GH-2589)Vitor Pereira2017-10-261-0/+3
|
* bpo-31462: Remove trailing whitespaces. (#3564)Serhiy Storchaka2017-09-141-2/+2
|
* bpo-31370: Remove support for threads-less builds (#3385)Antoine Pitrou2017-09-071-4/+1
| | | | | | * Remove Setup.config * Always define WITH_THREAD for compatibility.
* bpo-28707: Add the directory parameter to ↵Stéphane Wirtel2017-05-241-2/+13
| | | | | | | | http.server.SimpleHTTPRequestHandler and http.server module (#1776) * bpo-28707: call the constructor of SimpleHTTPRequestHandler in the test with a mock object * bpo-28707: Add the directory parameter to http.server.SimpleHTTPRequestHandler and http.server module
* Remove duplicate line in Lib/http/client.py (#1665)remitamine2017-05-191-1/+0
|
* bpo-30166: Import command-line parsing modules only when needed. (#1293)Serhiy Storchaka2017-05-041-1/+2
|
* bpo-30144: Import collections ABC from collections.abc rather than ↵Serhiy Storchaka2017-04-241-2/+2
| | | | collections. (#1263)
* bpo-29654 : Support If-Modified-Since HTTP header (browser cache) (#298)Pierre Quentel2017-04-021-4/+35
| | | | Return 304 response if file was not modified.
* Issue #29192: Removed deprecated features in the http.cookies module.Serhiy Storchaka2017-01-131-29/+1
|
* Remove unused imports.Serhiy Storchaka2016-12-161-1/+0
|
* Issue #28548: Parse HTTP request version even if too many words receivedMartin Panter2016-11-191-15/+18
|
* Issue #23214: Remove BufferedReader.read1(-1) workaroundMartin Panter2016-10-211-8/+1
|
* Issue #22493: Inline flags now should be used only at the start of theSerhiy Storchaka2016-09-111-2/+1
| | | | | regular expression. Deprecation warning is emitted if uses them in the middle of the regular expression.
* Issue #28022: Deprecate ssl-related arguments in favor of SSLContext.Christian Heimes2016-09-101-0/+6
| | | | | | | The deprecation include manual creation of SSLSocket and certfile/keyfile (or similar) in ftplib, httplib, imaplib, smtplib, poplib and urllib. ssl.wrap_socket() is not marked as deprecated yet.
* Issue 27948: Allow backslashes in the literal string portion of f-strings, ↵Eric V. Smith2016-09-101-1/+1
| | | | but not in the expressions. Also, require expressions to begin and end with literal curly braces.
* [merge from 3.5] - Issue28010 - Make http.client.HTTPConnection.putrequestSenthil Kumaran2016-09-081-1/+2
|\ | | | | | | documentation consistent with the code.
| * Issue28010 - Make http.client.HTTPConnection.putrequest documentation ↵Senthil Kumaran2016-09-081-1/+2
| | | | | | | | consistent with the code.
| * Issue #27895: Spelling fixes (Contributed by Ville Skyttä).Martin Panter2016-09-071-1/+1
| |
* | #27364: fix "incorrect" uses of escape character in the stdlib.R David Murray2016-09-083-5/+5
| | | | | | | | | | | | | | And most of the tools. Patch by Emanual Barry, reviewed by me, Serhiy Storchaka, and Martin Panter.
* | Issue 27921: Remove backslash from another f-string.Eric V. Smith2016-09-031-1/+1
| |
* | Issue #27895: Spelling fixes (Contributed by Ville Skyttä).Raymond Hettinger2016-08-301-1/+1
| |
* | Issue #12319: Always send file request bodies using chunked encodingMartin Panter2016-08-271-23/+8
| | | | | | | | | | | | | | The previous attempt to determine the file’s Content-Length gave a false positive for pipes on Windows. Also, drop the special case for sending zero-length iterable bodies.
* | MergeRaymond Hettinger2016-08-261-1/+1
|\ \ | |/
| * Issue 19504: Change "customise" to "customize" American spelling.Raymond Hettinger2016-08-261-1/+1
| |
* | Issue #12319: Support for chunked encoding of HTTP request bodiesMartin Panter2016-08-241-50/+149
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the body object is a file, its size is no longer determined with fstat(), since that can report the wrong result (e.g. reading from a pipe). Instead, determine the size using seek(), or fall back to chunked encoding for unseekable files. Also, change the logic for detecting text files to check for TextIOBase inheritance, rather than inspecting the “mode” attribute, which may not exist (e.g. BytesIO and StringIO). The Content-Length for text files is no longer determined ahead of time, because the original logic could have been wrong depending on the codec and newline translation settings. Patch by Demian Brecht and Rolf Krahl, with a few tweaks by me.
* | [merge from 3.5] - Issue #27466: Change time format returned bySenthil Kumaran2016-07-101-1/+1
|\ \ | |/ | | | | http.cookie.time2netscape, confirming the netscape cookie format.
| * Issue #27466: Change time format returned by http.cookie.time2netscape,Senthil Kumaran2016-07-101-1/+1
| | | | | | | | confirming the netscape cookie format.
* | Issue #25738: Merge HTTP server from 3.5Martin Panter2016-06-081-13/+20
|\ \ | |/