From ed9902d214a4447e94780444853031b9f8a1e7e8 Mon Sep 17 00:00:00 2001 From: vvanglro Date: Thu, 17 Oct 2024 22:53:23 +0800 Subject: [PATCH 1/3] fix(http): enable lenient data after close and upgrade httptools dependency- Set dangerous leniency for HTTP parsing to handle data received after connection close - Upgrade httptools dependency from >=0.5.0 to >=0.6.3 for improved functionality and security --- pyproject.toml | 2 +- uvicorn/protocols/http/httptools_impl.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 17ee643c5..6dd4916db 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -39,7 +39,7 @@ dependencies = [ [project.optional-dependencies] standard = [ "colorama>=0.4;sys_platform == 'win32'", - "httptools>=0.5.0", + "httptools>=0.6.3", "python-dotenv>=0.13", "PyYAML>=5.1", "uvloop>=0.14.0,!=0.15.0,!=0.15.1; sys_platform != 'win32' and (sys_platform != 'cygwin' and platform_python_implementation != 'PyPy')", diff --git a/uvicorn/protocols/http/httptools_impl.py b/uvicorn/protocols/http/httptools_impl.py index 00f1fb720..5773a643a 100644 --- a/uvicorn/protocols/http/httptools_impl.py +++ b/uvicorn/protocols/http/httptools_impl.py @@ -58,6 +58,7 @@ def __init__( self.access_logger = logging.getLogger("uvicorn.access") self.access_log = self.access_logger.hasHandlers() self.parser = httptools.HttpRequestParser(self) + self.parser.set_dangerous_leniencies(lenient_data_after_close=True) self.ws_protocol_class = config.ws_protocol_class self.root_path = config.root_path self.limit_concurrency = config.limit_concurrency From 0ebbc70a1ba481400c0e3fa96d662edc06af125b Mon Sep 17 00:00:00 2001 From: Marcelo Trylesinski Date: Wed, 20 Nov 2024 19:54:36 +0100 Subject: [PATCH 2/3] Still support <0.6.3 --- uvicorn/protocols/http/httptools_impl.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/uvicorn/protocols/http/httptools_impl.py b/uvicorn/protocols/http/httptools_impl.py index 5773a643a..10af7b4ed 100644 --- a/uvicorn/protocols/http/httptools_impl.py +++ b/uvicorn/protocols/http/httptools_impl.py @@ -58,7 +58,14 @@ def __init__( self.access_logger = logging.getLogger("uvicorn.access") self.access_log = self.access_logger.hasHandlers() self.parser = httptools.HttpRequestParser(self) - self.parser.set_dangerous_leniencies(lenient_data_after_close=True) + + try: + # Enable dangerous leniencies to allow server to a response on the first request from a pipelined request. + self.parser.set_dangerous_leniencies(lenient_data_after_close=True) + except AttributeError: + # httptools < 0.6.3 + pass + self.ws_protocol_class = config.ws_protocol_class self.root_path = config.root_path self.limit_concurrency = config.limit_concurrency From 043d3269e42a544fcb50d011ca8a09456d43d40b Mon Sep 17 00:00:00 2001 From: Marcelo Trylesinski Date: Wed, 20 Nov 2024 20:00:15 +0100 Subject: [PATCH 3/3] Add pragma: no cover --- uvicorn/protocols/http/httptools_impl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uvicorn/protocols/http/httptools_impl.py b/uvicorn/protocols/http/httptools_impl.py index 10af7b4ed..f3396a768 100644 --- a/uvicorn/protocols/http/httptools_impl.py +++ b/uvicorn/protocols/http/httptools_impl.py @@ -62,7 +62,7 @@ def __init__( try: # Enable dangerous leniencies to allow server to a response on the first request from a pipelined request. self.parser.set_dangerous_leniencies(lenient_data_after_close=True) - except AttributeError: + except AttributeError: # pragma: no cover # httptools < 0.6.3 pass