[wptserve] Rework header encoding/decoding in Request #13246
Conversation
| @@ -308,7 +308,7 @@ def POST(self): | |||
| self.raw_input.seek(0) | |||
| fs = cgi.FieldStorage(fp=self.raw_input, | |||
| environ={"REQUEST_METHOD": self.method}, | |||
| headers=self.headers, | |||
| headers=self.raw_headers, | |||
There was a problem hiding this comment.
Why the behaviour change here?
There was a problem hiding this comment.
Because cgi.FieldStorage needs to parse the headers and expect the values to be string not bytes. Since self.readers is read-only, I figure it would be safe to pass in the original raw_headers here.
There was a problem hiding this comment.
self.raw_headers is the headers as bytes, no? What type does cgi.FieldStorage expect? str on both Py2/3, no?
There was a problem hiding this comment.
self.raw_headers is BaseHTTPRequestHandler.headers; and both its keys and values are str on both Py2/3, which is why we need to _maybe_encode them in RequestHeaders.
|
A few clarifications from the discussions on IRC regarding whether we should encode the header values back to bytes (i.e. First of all, regardless of the approach (whether to encode and which encoding to use), this WILL NOT affect existing tests (namely custom handlers) at all. Currently, WPT only really works with Python 2, and in Python 2 headers (both names and values) have People reasonably want Now, since many custom handlers don't work in Python 3 in the first place, I'm inclined to to |
Hexcles
force-pushed
the
do-not-decode-header-values
branch
from
4fdd08b
to
67d7b78
Compare
|
@gsnedders This PR is ready for review again. I addressed all your comments but one (the |
It's not? Using bytes is perhaps purer in a way, but if you make them strings that is the way to go. Anything else would lead to information loss. |
|
To be precise, broken as in if you try to do string operations on them
(counting lengths, printing, etc.), the semantics are wrong, so they are
not really text strings and the type is hence misleading (you really have
to treat these str as bytes). There's no information loss.
…On Sat, Sep 29, 2018, 09:35 Anne van Kesteren ***@***.***> wrote:
and encoding non-ASCII characters in iso-8859-1 is broken
It's not? Using bytes is perhaps purer in a way, but if you make them
strings that is the way to go. Anything else would lead to information loss.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#13246 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABXsjHelUVGUsQCB-0g_64BQse884ke7ks5uf3cSgaJpZM4W9eVD>
.
|
|
I suspect that supporting only |
|
@Ms2ger you mean keys should also be binary type? Yeah I can do that. It might be break a few more things (in Python 3 only) but it's probably more consistent. |
|
@Ms2ger @gsnedders there's one complication here. Technically, a byte string doesn't have the |
|
@Hexcles Yes it does? |
|
@gsnedders duh my bad. Yeah let me update the PR. |
Hexcles
force-pushed
the
do-not-decode-header-values
branch
from
67d7b78
to
a69a669
Compare
|
@gsnedders @Ms2ger PTAL again |
| @@ -308,7 +308,7 @@ def POST(self): | |||
| self.raw_input.seek(0) | |||
| fs = cgi.FieldStorage(fp=self.raw_input, | |||
| environ={"REQUEST_METHOD": self.method}, | |||
| headers=self.headers, | |||
| headers=self.raw_headers, | |||
There was a problem hiding this comment.
self.raw_headers is the headers as bytes, no? What type does cgi.FieldStorage expect? str on both Py2/3, no?
Ms2ger
force-pushed
the
do-not-decode-header-values
branch
from
f10c76e
to
ce24036
Compare
|
Just as an fyi guys I'm also waiting on this re-land as I suspect the revert broke the "wpt / content-security-policy / generic / only-valid-whitespaces-are-allowed.html" test. There hasn't been any movement on this for a week and I just want to make sure that this will eventually get merged. |
Ms2ger
force-pushed
the
do-not-decode-header-values
branch
from
ce24036
to
26d33f0
Compare
|
If @Hexcles hasn't done it by tomorrow, I'll squash them all together. |
The test sends a request to wptserve with non-ASCII characters in a header and sets up a simple handler to return the value of that header. The server shouldn't crash in either Python 2 or 3, and the response should not be garbled. The server crashes in Python 2 (#13204).
This change changes the encoding/decoding of headers in Request and username/password in Authentication: now all keys and values have binary type (because of an implementation detail in the Python 3 standard library, we actually need to re-encode the headers back to bytes in Python 3). Documentation and comments are also improved to clarify the encoding situation. Also add test cases for non-ASCII characters in auth headers.
Hexcles
force-pushed
the
do-not-decode-header-values
branch
from
26d33f0
to
887214f
Compare
|
Thanks for the review, @gsnedders . (The comment threads do look quite confusing...) I just cleaned up the history and will merge the rebase-merge PR once Travis passes. |
The most important two changes to roll: * [wptserve] Rework header encoding/decoding in Request (web-platform-tests/wpt#13246): needed to fix tests with non-ASCII cookies * Fix handling of about:blank in lint (web-platform-tests/wpt#13489): needed to unblock the importer Bug: 895239 Change-Id: I10b308c19bdb20d2a1ec5af8dece42d7ada7e25b Reviewed-on: https://chromium-review.googlesource.com/c/1279195 Commit-Queue: Robert Ma <[email protected]> Reviewed-by: Philip Jägenstedt <[email protected]> Cr-Commit-Position: refs/heads/master@{#599617}
This PR relands the reverted #13248 from @Ms2ger , but with some tweaks on how to encode/decode the headers. See individual commits for details.
Fixes #13204 .