HEAD-handling code corrupts the HTTP channel in some cases, is generally redundant and confused in others
|Reported by:||Glyph||Owned by:||washort|
branch-diff, diff-cov, branch-cov, buildbot
If an UnsupportedMethod exception is thrown for rendering a HEAD method, the default for
GET is in
allowedMethods) is to call
render() again with the request mutated to have its method be
GET. In some resources presumably this will return a body.
NOT_DONE_YET (i.e. defers writing its body to the channel), the body will actually be returned to the client, violating the RFC. If the method attribute were left as
http.Request.write would enforce the no-data rule.
trial --coverage twisted.web, this code path is completely untested. It's not clear that it's even necessary, given that
Resource.render_HEAD delegates to
render_GET by default. (Or, vice versa.)
There's also more confused code at the end of
server.Request.render that tries to specifically handle HEAD.
Change History (11)
comment:6 Changed 7 years ago by
|Owner:||changed from Wilfredo Sánchez Vega to washort|
|Status:||assigned → new|