Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#30015 closed Bug (fixed)

HTTP server doesn't clear previous request data in keep-alive connection.

Reported by: Konstantin Alekseev Owned by: nobody
Component: HTTP handling Version: 2.1
Severity: Release blocker Keywords: keep-alive, server
Cc: Florian Apolloner Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Django 2.1.4 affected.
Commit that enabled keep-alive connections
Bug: if you make two requests in one keep-alive connection and first request posted data that wasn't read in the view
then on second request that data will be read alongside with first line of the new request.
As a result request.method will contain " from previous request...POST"

Pull request with test and possible fix

Change History (7)

comment:1 by Simon Charette, 6 years ago

Cc: Florian Apolloner added
Component: Core (Other)HTTP handling
Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted
Type: UncategorizedBug

comment:2 by Xavier Fernandez, 6 years ago


our Selenium tests were also affected by the same change (bisecting lead to which is

Basically, the webdriver get(url) gets stuck for several hundred of seconds leading to test timeout, I'm trying to build a minimal selenium test showing this regression.
In the meanwhile, the provided patch makes our tests pass again but seems to crash a bunch of threads with:

  File "/home/xfernandez/other_dev/django/django/core/servers/", line 101, in close
AttributeError: '_io.BytesIO' object has no attribute '_read_limited'


  File "/home/xfernandez/other_dev/django/django/core/servers/", line 99, in close
    for obj in self.result._closable_objects:
AttributeError: 'FileWrapper' object has no attribute '_closable_objects'

comment:3 by Xavier Fernandez, 6 years ago

Nevermind my previous comment, my issue was in fact different (and might actually be invalid), cf #30018

comment:4 by Carlton Gibson, 6 years ago

Triage Stage: AcceptedReady for checkin

comment:5 by Carlton Gibson <carlton.gibson@…>, 6 years ago

Resolution: fixed
Status: newclosed

In b514dc14:

Fixed #30015 -- Ensured request body is properly consumed for keep-alive connections.

comment:6 by Tim Graham <timograham@…>, 6 years ago

In bbe28fa0:

Refs #30015 -- Added 2.1.5 release note and removed 'we' in comments.

comment:7 by Tim Graham <timograham@…>, 6 years ago

In 08f78a4f:

[2.1.x] Fixed #30015 -- Ensured request body is properly consumed for keep-alive connections.

Backport of b514dc14f4e1c364341f5931b354e83ef15ee12d and
bbe28fa07658f00786dc1d91ee281b4daac22d07 from master.

Note: See TracTickets for help on using tickets.
Back to Top