The serialize_headers method of HttpResponse fails to handle latin1-compatible values
|Reported by:||xelnor||Owned by:||nobody|
|Severity:||Normal||Keywords:||http header encoding|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
If a header value (passed as unicode) contains only ascii data, serialize_headers() doesn't fail
If it contains characters that can't be encoded in latin1, serialize_headers() doesn't fail
If it contains only characters valid in latin1, including some outside the ascii range, serialize_headers() fails with a UnicodeDecodeError.
The culprit seems to lie on line 132 of django/http/response.py: that line calls ('%s: %s' % (key, value)).encode('us-ascii'), but at this point, key is ascii bytes and value is a bytes array containing either latin1-encoded text or mime-encoded utf8 text.
Since we're using unicode_literals, Python tries value.decode('ascii'), which fails if, and only if, value contains latin1 characters outside the ascii range.
I have attached a patch containing both a test exhibiting the issue and a patch fixing it (no test failure).
Note: This is not a release blocker, since the serialize_headers() and its callers (serialize() and __str__()) aren't used while answering requests.
Change History (7)
Changed 3 years ago by xelnor
comment:1 Changed 3 years ago by xelnor
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
Changed 3 years ago by claudep
comment:4 Changed 3 years ago by Claude Paroz <claude@…>
- Resolution set to fixed
- Status changed from new to closed