#36467: Remove leading whitespace in value of Set-Cookie header in wsgi handler
-------------------------------------+-------------------------------------
Reporter: lukas-komischke-ameos | Owner: lukas-komischke-ameos
Type: Uncategorized | Status: assigned
Component: HTTP handling | Version: 5.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Currently, response headers in handlers/wsgi.py are generated with their
value component starting with a whitespace character.
Although these whitespaces should be cleaned up by clients, if I understand
RFC 6265 correctly, this causes an issue when using ''tornado'' > 6.5.0, as
they have implemented stricter checks for headers:
{{{
tornado.httputil.HTTPInputError: Invalid header value ' csrftoken=7pFTUEBo24KFj9cKhWfeuTPSXmWYmYuQ; expires=Tue, 09 Jun 2026 14:27:44 GMT; Max-Age=31449600; Path=/; SameSite=Lax'
}}}
Django already properly strips those whitespaces in handlers/asgi.py, so
I'd suggest also stripping them in handlers/wsgi.py in order to restore
compatibility with ''tornado''.
--
Ticket URL: <https://code.djangoproject.com/ticket/36467>
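Where a leading space like the one in the error above can come from, as an added example that is not code from Django or tornado: the standard library's `Morsel.output(header="")` formats `"<header> <value>"`, so an empty header name leaves a space in front of the cookie string. `strict_header_value_ok` is a hypothetical stand-in for a strict header validator, and the cookie is constructed sample data.

```python
from http.cookies import SimpleCookie


def build_cookie():
    """Return a constructed sample Morsel (illustrative values only)."""
    jar = SimpleCookie()
    jar["csrftoken"] = "constructed-token-value"
    jar["csrftoken"]["path"] = "/"
    jar["csrftoken"]["samesite"] = "Lax"
    return jar["csrftoken"]


def strict_header_value_ok(value):
    """Hypothetical strict check (an assumption, not tornado's code):
    reject leading/trailing whitespace and embedded CR, LF or NUL."""
    if value != value.strip(" \t"):
        return False
    return not any(ch in value for ch in "\r\n\x00")


def unstripped_headers(morsels):
    # output(header="") yields " name=value; ..." with a leading space.
    return [("Set-Cookie", m.output(header="")) for m in morsels]


def stripped_headers(morsels):
    # The fix the ticket suggests: strip the value before emitting it.
    return [("Set-Cookie", m.output(header="").strip()) for m in morsels]


def report(morsels):
    """Pair each header value (repr) with the strict check's verdict."""
    rows = []
    for label, build in (("unstripped", unstripped_headers),
                         ("stripped", stripped_headers)):
        for _name, value in build(morsels):
            rows.append((label, repr(value), strict_header_value_ok(value)))
    return rows


if __name__ == "__main__":
    for label, shown, ok in report([build_cookie()]):
        print(f"{label:10} ok={ok!s:5} {shown}")
```

`Morsel.OutputString()` returns the same cookie string without the header prefix, so it never carries the leading space.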