Uncaptured exception instead of 400 when receiving non-ascii bytes in request url #64
FWIW, as a note to myself, the UnicodeDecodeError doesn't occur under Python 2, only under Python 3.
mcdonc added a commit that referenced this issue Jul 14, 2014
…ueless about what the right thing to do is.
What about modifying the test in the way that I suggested in this pull request #162?
digitalresistor added a commit that referenced this issue Aug 16, 2017
Fix issue #64 Uncaptured exception instead of 400 when receiving non-ascii bytes in request url
Thank you @bertjwregeer! To be clear to anyone lurking, the fix has been merged but not yet released on PyPI.
waitress 1.1.0 has been released on PyPI, and it includes this fix.
Hi.
I have waitress installed on my production server and it generates strange exceptions. Like this:
I found that these exceptions are generated when some stupid bot sends a request with raw bytes \xd0 in the first line of the HTTP header. Here is a line from the nginx log (nginx proxies queries to waitress):
As you can see, here the client sent both URL-escaped and raw bytes in the GET. According to the RFC, the URL must be escaped. But nginx doesn't care.
I also wrote a simple POC to demonstrate the issue:
I think Waitress should be able to handle this exception. It will be better to just send 400 Bad Request to the client. Take a look at the RFC - http://tools.ietf.org/html/rfc2616#section-5.1.2
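The behaviour requested in the issue above, as an added example that is not part of the thread and is not waitress's code or its merged fix: a request-line parser that validates the raw bytes before decoding, so a stray `\xd0` maps to a 400 instead of an unhandled `UnicodeDecodeError`. The names `parse_request_line`, `naive_parse`, `handle` and `BadRequest` and the sample request lines are constructed for illustration.

```python
import re


class BadRequest(Exception):
    """Parse failure that the server turns into an HTTP 400 response."""
    status = 400


# METHOD SP request-target SP HTTP/x.y
_REQUEST_LINE = re.compile(rb"^([A-Z]+) ([^ ]+) HTTP/(\d+)\.(\d+)$")
# A percent sign that is not followed by two hex digits.
_BAD_ESCAPE = re.compile(rb"%(?![0-9A-Fa-f]{2})")

# Constructed samples: the same path once with a raw \xd0 byte, once fully escaped.
SAMPLE_RAW = b"GET /%D0%BF\xd0\xbf HTTP/1.1\r\n"
SAMPLE_ESCAPED = b"GET /%D0%BF HTTP/1.1\r\n"


def naive_parse(line: bytes):
    """Failure mode: a strict decode with no handler raises on raw bytes."""
    return line.decode("ascii").split()


def parse_request_line(line: bytes):
    """Return (method, target, version) as str, or raise BadRequest."""
    line = line.rstrip(b"\r\n")
    # Reject control bytes and anything above 0x7E before any decode happens.
    if any(b < 0x20 or b > 0x7E for b in line):
        raise BadRequest("non-ASCII or control byte in request line")
    m = _REQUEST_LINE.match(line)
    if m is None:
        raise BadRequest("malformed request line")
    method, target, major, minor = m.groups()
    if _BAD_ESCAPE.search(target):
        raise BadRequest("invalid percent-escape in request target")
    # Safe to decode: every byte was checked to be printable ASCII above.
    version = f"{major.decode('ascii')}.{minor.decode('ascii')}"
    return method.decode("ascii"), target.decode("ascii"), version


def handle(line: bytes) -> int:
    """Status code the server would answer with for this request line."""
    try:
        parse_request_line(line)
    except BadRequest as exc:
        return exc.status
    return 200
```
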