aboutsummaryrefslogtreecommitdiff
path: root/Lib/http
diff options
context:
space:
mode:
authorMartin Panter <vadmium+py@gmail.com>2016-06-08 09:45:58 +0000
committerMartin Panter <vadmium+py@gmail.com>2016-06-08 09:45:58 +0000
commit40de69ac588cece85fd3ed7fad06cdfdaf8f5e6a (patch)
tree050a0298638d1ccc2d272c8590a5277a12cd7bd1 /Lib/http
parentIssue #21313: Merge version parsing from 3.5 (diff)
parentIssue #25738: Don’t send message body for 205 Reset Content (diff)
downloadcpython-40de69ac588cece85fd3ed7fad06cdfdaf8f5e6a.tar.gz
cpython-40de69ac588cece85fd3ed7fad06cdfdaf8f5e6a.tar.bz2
cpython-40de69ac588cece85fd3ed7fad06cdfdaf8f5e6a.zip
Issue #25738: Merge HTTP server from 3.5
Diffstat (limited to 'Lib/http')
-rw-r--r--Lib/http/server.py33
1 files changed, 20 insertions, 13 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index bd94eaa01b7..e12e45bfc38 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -446,23 +446,30 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
if explain is None:
explain = longmsg
self.log_error("code %d, message %s", code, message)
- # HTML encode to prevent Cross Site Scripting attacks (see bug #1100201)
- content = (self.error_message_format % {
- 'code': code,
- 'message': html.escape(message, quote=False),
- 'explain': html.escape(explain, quote=False)
- })
- body = content.encode('UTF-8', 'replace')
self.send_response(code, message)
- self.send_header("Content-Type", self.error_content_type)
self.send_header('Connection', 'close')
- self.send_header('Content-Length', int(len(body)))
+
+ # Message body is omitted for cases described in:
+ # - RFC7230: 3.3. 1xx, 204(No Content), 304(Not Modified)
+ # - RFC7231: 6.3.6. 205(Reset Content)
+ body = None
+ if (code >= 200 and
+ code not in (HTTPStatus.NO_CONTENT,
+ HTTPStatus.RESET_CONTENT,
+ HTTPStatus.NOT_MODIFIED)):
+ # HTML encode to prevent Cross Site Scripting attacks
+ # (see bug #1100201)
+ content = (self.error_message_format % {
+ 'code': code,
+ 'message': html.escape(message, quote=False),
+ 'explain': html.escape(explain, quote=False)
+ })
+ body = content.encode('UTF-8', 'replace')
+ self.send_header("Content-Type", self.error_content_type)
+ self.send_header('Content-Length', int(len(body)))
self.end_headers()
- if (self.command != 'HEAD' and
- code >= 200 and
- code not in (
- HTTPStatus.NO_CONTENT, HTTPStatus.NOT_MODIFIED)):
+ if self.command != 'HEAD' and body:
self.wfile.write(body)
def send_response(self, code, message=None):