New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When Content-Length differs from received message body length, an exception should be raised #1855
Comments
Thanks for raising this issue! I have mixed feelings. Firstly, I'd argue that Requests is not technically a user-agent, it's a library. This frees us from some of the constraints of user-agent behaviour (and in fact we take that liberty elsewhere in the library, like with our behaviour on redirects). Secondly, if we throw an exception we irrevocably destroy the data we read. It becomes impossible to access. This means that situations where the user might want to 'muddle through', taking as much of the data as they were able to read and keeping hold of it, becomes a little bit harder. (They'd have to use the streaming API, on which we should not enforce this logic.) Finally, even if we did want this logic we'd need to implement it in urllib3. With that said, I'm not totally opposed to doing it, it just feels excessive to throw an exception for what is a minor and easily detectable error. |
@Lukasa I agree wholeheartedly with everything you said. Your reservations (regarding data loss), however, make me wonder if we shouldn't be attaching the response object to the exceptions we throw. That's a different discussion which should take place on a different issue but I thought I might raise that idea before I forget it. On the topic of this issue, I can understand that people may want this and that there are corner cases where the Content Length is not exactly a match for the response body (and in those cases it is okay). I can especially see the benefit where users use requests to perform tests on their servers and web apps. With that in mind, would something similar to One other alternative is to provide this functionality via the toolbelt. This way users have confidence in the implementation and they just need to import one extra thing. |
We do explicitly attach the response to a Additionally, I'm -1 on all extensions to the requests interface without good justification. This one doesn't have one, so a new import requests
import requests_toolbelt
r = requests.get('http://stupid_buggy_server.com/')
requests_toolbelt.validate_response(r) # Throws exception, or returns some relevant return code. import requests
import requests_toolbelt
requests_toolbelt.use_checked_responses() # Monkeypatches requests.response
r = requests.get('http://stupid_buggy_server.com/')
r.raise_if_invalid() # Throws exception. |
Is this being suppressed somewhere in requests? |
Nope, we don't stop |
I get that exception during the call to |
Yeah, set the
|
Got it. You're right, the exception isn't raised when using |
I'm closing this for the same reason we closed urllib3/urllib3#311. |
The HTTP 1.1 RFC specifies:
"When a Content-Length is given in a message where a message-body is allowed, its field value MUST exactly match the number of OCTETs in the message-body. HTTP/1.1 user agents MUST notify the user when an invalid length is received and detected."
See: http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4
Here is a simple repro. It seems like the call to
requests.get
should raise an exception rather than silently succeed. Note that python 2.xurllib2
has identical behavior torequests
here, but I believe that constitutes a bug inurllib2
.curl
, on the other hand, outputs the message body but has a return code of 18 ("Partial file. Only a part of the file was transferred."). In python 3.3 (and presumably earlier releases of python 3.x)urllib.request
raiseshttp.client.IncompleteRead: IncompleteRead(5 bytes read, 15 more expected)
, which is in line with the spec.The text was updated successfully, but these errors were encountered: