New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Http client, Bad Status Line triggered for no reason #86598
Comments
Hey, ## Expected Result Requests understanding the status line. ## Actual Result Requests is closing the connection. ## Reproduction Steps import requests
req = req = requests.get("http://127.0.0.1/", verify=False, allow_redir=False ) ## problem location if not version.startswith("HTTP/"):```
Regards. |
requests is a third-party library, and this isn't the right place to report issues with it. It looks like the requests issue tracker is at https://github.com/psf/requests/issues If you can duplicate this problem with only using the python standard library, then please let us know and we'll take a look. I'd have to do some research through the standards to determine if the problem is really with your server, though. |
Hi, Here I'm using requests to show the behavior because it relies on python's http lib, and it is faster/simplier to use. The Exception "BadStatusLine" is a part or the http/client.py library. As per the RFC2616 section 6.1 https://tools.ietf.org/html/rfc2616#section-6.1, there's nothing specifying that the HTTP verb must be uppercase, I think it's more a matter of "common sense". I might have missed something though! |
Here is the poc for this error with http.client only (for the server: use the same nc command as my first message): ```python
|
Thanks for the reproducer and the research! https://tools.ietf.org/html/rfc2616#section-3.1 says the result header is "HTTP", and doesn't say anything else is acceptable. I'd be interested in what other frameworks (probably in other languages) support. I'll do some research. |
https://tools.ietf.org/html/rfc2616#section-3.1 defines HTTP version indicator as HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT so the check version.startswith("HTTP/") is correct. |
Hi @christian.heimes, The server that answered this HTTP response line is a clone of the "spip" framework used in many websites. This is clearly a human behavior, but this http.client error could be a bit more "intelligent" I guess. |
urllib is a high level API on top of http.client. It wraps and uses http.client internally. urllib does not accept invalid protocol identifiers either: >>> urllib.request.urlopen('http://localhost:8080')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.8/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib64/python3.8/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/lib64/python3.8/urllib/request.py", line 542, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib64/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/lib64/python3.8/urllib/request.py", line 1379, in http_open
return self.do_open(http.client.HTTPConnection, req)
File "/usr/lib64/python3.8/urllib/request.py", line 1354, in do_open
r = h.getresponse()
File "/usr/lib64/python3.8/http/client.py", line 1347, in getresponse
response.begin()
File "/usr/lib64/python3.8/http/client.py", line 307, in begin
version, status, reason = self._read_status()
File "/usr/lib64/python3.8/http/client.py", line 289, in _read_status
raise BadStatusLine(line)
http.client.BadStatusLine: Http/1.1 200 OK curl is more forgiving but does not recognize "Http/1.1" as a valid HTTP/1.1 header either. Instead it assumes that any non-valid header means HTTP/1.0. $ curl -v http://localhost:8080
* Trying ::1:8080...
* connect to ::1 port 8080 failed: Connection refused
* Trying 127.0.0.1:8080...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.69.1
> Accept: */*
>
* HTTP 1.0, assume close after body
< Http/1.1 200 OK
< Server: BaseHTTP/0.6 Python/3.8.6
< Date: Mon, 23 Nov 2020 09:10:38 GMT
< Content-Type: text/plain
<
* Closing connection 0 I'm against changing the behavior of http.client. |
Alright, that was a bad idea. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: