Request.body hangs forever when no body is submitted

[Sirtea]

Hi all,

I am making a really minimal API mongodb based. By chance, I have discovered a bug when reading request.body, that causes code to hang forever. I tried to reproduce the bare minimum to show the error, as stated here:

The application is really minimal, as follows (it has also a wsgiref.simple_server:make_server instance, but it's unimportant):

from webob.dec import wsgify
from webob import Response

@wsgify
def application(req):
    print dict((key, value) for key, value in req.environ.iteritems() if key.startswith('CON'))
    print repr(req.body)
    return Response(body='Hello world\n', content_type='text/plain', status=200)

And the "API" invocations is done via curl, as follows:

gerard@sirius:~/projects/test$ curl -i -X POST http://localhost:8080/ --data ''
HTTP/1.0 200 OK
Date: Tue, 08 Mar 2016 20:33:48 GMT
Server: WSGIServer/0.1 Python/2.7.9
Content-Type: text/plain; charset=UTF-8
Content-Length: 12

Hello world
gerard@sirius:~/projects/test$ curl -i -X POST http://localhost:8080/
(blocks forever)

During this two invocations, it's clear that reading req.body blocks everything, when CONTENT_LENGTH is '' instead of '0'.

gerard@sirius:~/projects/test$ ./a.py 
Listening on port 8080...
{'CONTENT_LENGTH': '0', 'CONTENT_TYPE': 'application/x-www-form-urlencoded'}
''
127.0.0.1 - - [08/Mar/2016 21:33:48] "POST / HTTP/1.1" 200 12
{'CONTENT_LENGTH': '', 'CONTENT_TYPE': 'text/plain'}
(blocks forever)

I'm really worried about this because body is out of my reach, depending on my users' good faith.

If it helps, the only module involved is WebOb==1.5.1, pip'ed from pypi

Regards

[digitalresistor]

This one is fun...

[digitalresistor]

So after chewing it on it for a couple more days, I am closing this as WONTFIX. wsgiref.simple_server:make_server doesn't actually follow PEP3333 from what I am able to find, and allows the socket to block, when according to PEP3333 it should return an empty byte character:

A server should return empty bytestrings from any attempt to read from an empty or exhausted input stream.

Since in this case there is no content-length sent, it should treat it as an empty body (0 byte content length), thus the WSGI server should return an empty bytestring.

A server like https://github.com/Pylons/waitress does not exhibit this same problem, and is correctly returning an empty bytestring.

Testing with waitress:

alexandra:~ xistence$ curl -i -X POST http://localhost:6543/
HTTP/1.1 200 OK
Content-Length: 13
Content-Type: text/html; charset=UTF-8
Date: Sun, 20 Mar 2016 19:16:05 GMT
Server: waitress

Hello world

[Sirtea]

I'm satisfied with both, evidences and explanation.

As a future reference, I have tested with waitress, gunicorn, uwsgi and wsgiref.simple_server (py27 and py34). Only the reference server fails, in both versions.

I'ts kind of ironic that reference implementation (wsgiref) is the first to violate his own standard...

Nice catch!