aboutsummaryrefslogtreecommitdiff
path: root/Lib/http
diff options
context:
space:
mode:
Diffstat (limited to 'Lib/http')
-rw-r--r--Lib/http/server.py33
1 files changed, 20 insertions, 13 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index bd94eaa01b7..e12e45bfc38 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -446,23 +446,30 @@ class BaseHTTPRequestHandler(socketserver.StreamRequestHandler):
if explain is None:
explain = longmsg
self.log_error("code %d, message %s", code, message)
- # HTML encode to prevent Cross Site Scripting attacks (see bug #1100201)
- content = (self.error_message_format % {
- 'code': code,
- 'message': html.escape(message, quote=False),
- 'explain': html.escape(explain, quote=False)
- })
- body = content.encode('UTF-8', 'replace')
self.send_response(code, message)
- self.send_header("Content-Type", self.error_content_type)
self.send_header('Connection', 'close')
- self.send_header('Content-Length', int(len(body)))
+
+ # Message body is omitted for cases described in:
+ # - RFC7230: 3.3. 1xx, 204(No Content), 304(Not Modified)
+ # - RFC7231: 6.3.6. 205(Reset Content)
+ body = None
+ if (code >= 200 and
+ code not in (HTTPStatus.NO_CONTENT,
+ HTTPStatus.RESET_CONTENT,
+ HTTPStatus.NOT_MODIFIED)):
+ # HTML encode to prevent Cross Site Scripting attacks
+ # (see bug #1100201)
+ content = (self.error_message_format % {
+ 'code': code,
+ 'message': html.escape(message, quote=False),
+ 'explain': html.escape(explain, quote=False)
+ })
+ body = content.encode('UTF-8', 'replace')
+ self.send_header("Content-Type", self.error_content_type)
+ self.send_header('Content-Length', int(len(body)))
self.end_headers()
- if (self.command != 'HEAD' and
- code >= 200 and
- code not in (
- HTTPStatus.NO_CONTENT, HTTPStatus.NOT_MODIFIED)):
+ if self.command != 'HEAD' and body:
self.wfile.write(body)
def send_response(self, code, message=None):