Context Navigation

← Previous Ticket
Next Ticket →

#30015 closed Bug (fixed)

HTTP server doesn't clear previous request data in keep-alive connection.

Reported by:	Konstantin Alekseev	Owned by:	nobody
Component:	HTTP handling	Version:	2.1
Severity:	Release blocker	Keywords:	keep-alive, server
Cc:	Florian Apolloner	Triage Stage:	Ready for checkin
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

Django 2.1.4 affected.
Commit that enabled keep-alive connections https://github.com/django/django/commit/934acf1126995f6e6ccba5947ec8f7561633c27f
Bug: if you make two requests in one keep-alive connection and first request posted data that wasn't read in the view
then on second request that data will be read alongside with first line of the new request.
As a result request.method will contain "..data from previous request...POST"

Pull request with test and possible fix https://github.com/django/django/pull/10732

Change History (7)

comment:1 by Simon Charette, 5 years ago

Cc:	Florian Apolloner added
Component:	Core (Other) → HTTP handling
Severity:	Normal → Release blocker
Triage Stage:	Unreviewed → Accepted
Type:	Uncategorized → Bug

comment:2 by Xavier Fernandez, 5 years ago

Hello,

our Selenium tests were also affected by the same change (bisecting lead to https://github.com/django/django/commit/e1721ece485b35ab5543f134203a8a8ce9f31a7c which is https://github.com/django/django/commit/934acf1126995f6e6ccba5947ec8f7561633c27f).

Basically, the webdriver get(url) gets stuck for several hundred of seconds leading to test timeout, I'm trying to build a minimal selenium test showing this regression.
In the meanwhile, the provided patch makes our tests pass again but seems to crash a bunch of threads with:

  File "/home/xfernandez/other_dev/django/django/core/servers/basehttp.py", line 101, in close
    obj._stream._read_limited()
AttributeError: '_io.BytesIO' object has no attribute '_read_limited'

  File "/home/xfernandez/other_dev/django/django/core/servers/basehttp.py", line 99, in close
    for obj in self.result._closable_objects:
AttributeError: 'FileWrapper' object has no attribute '_closable_objects'

comment:3 by Xavier Fernandez, 5 years ago

Nevermind my previous comment, my issue was in fact different (and might actually be invalid), cf #30018

comment:4 by Carlton Gibson, 5 years ago

Triage Stage:	Accepted → Ready for checkin

comment:5 by Carlton Gibson <carlton.gibson@…>, 5 years ago

Resolution:	→ fixed
Status:	new → closed

In b514dc14:

Fixed #30015 -- Ensured request body is properly consumed for keep-alive connections.

comment:6 by Tim Graham <timograham@…>, 5 years ago

In bbe28fa0:

Refs #30015 -- Added 2.1.5 release note and removed 'we' in comments.

comment:7 by Tim Graham <timograham@…>, 5 years ago

In 08f78a4f:

[2.1.x] Fixed #30015 -- Ensured request body is properly consumed for keep-alive connections.

Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and
bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues

Context Navigation

#30015 closed Bug (fixed)

HTTP server doesn't clear previous request data in keep-alive connection.

Description

Change History (7)

comment:1 by Simon Charette, 5 years ago

comment:2 by Xavier Fernandez, 5 years ago

comment:3 by Xavier Fernandez, 5 years ago

comment:4 by Carlton Gibson, 5 years ago

comment:5 by Carlton Gibson <carlton.gibson@…>, 5 years ago

comment:6 by Tim Graham <timograham@…>, 5 years ago

comment:7 by Tim Graham <timograham@…>, 5 years ago

Download in other formats:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us