Opened 2 hours ago
Last modified 111 minutes ago
#36940 new Bug
Improve ASGI script prefix path_info handling
| Reported by: | Khadyot Takale | Owned by: | |
|---|---|---|---|
| Component: | HTTP handling | Version: | 6.0 |
| Severity: | Normal | Keywords: | asgi script-prefix path-info |
| Cc: | Khadyot Takale | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
The current ASGIRequest.__init__ uses str.removeprefix() to strip the script name from the request path to compute path_info. This is fragile because removeprefix is a pure string operation — it doesn't verify that the prefix is a proper path segment boundary.
For example, if script_name is /myapp and the path is /myapplication/page, removeprefix would incorrectly produce lication/page.
This patch replaces removeprefix with a check that ensures the script name is followed by / or is the exact path, before stripping it. This addresses the inline TODO comment.
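The difference between the two behaviours described above, as an added example (this is not the ticket's patch or Django's own code). The function names are hypothetical, and two behaviours are assumptions: an exact match returns "/", and a prefix that does not end on a segment boundary leaves the path unchanged.

```python
def path_info_removeprefix(path: str, script_name: str) -> str:
    """Plain string prefix removal, the behaviour the ticket calls fragile."""
    return path.removeprefix(script_name)


def path_info_segment_aware(path: str, script_name: str) -> str:
    """Strip script_name only when it ends on a path segment boundary.

    Assumptions (not taken from the ticket's patch): an exact match yields
    "/", and a non-matching prefix leaves the path untouched.
    """
    prefix = script_name.rstrip("/")
    if not prefix:
        # No script prefix configured: the whole path is path_info.
        return path
    if path == prefix:
        return "/"
    if path.startswith(prefix + "/"):
        # Keep the leading slash of the remainder.
        return path[len(prefix):]
    # "/myapp" is a string prefix of "/myapplication" but not a path prefix.
    return path


# Constructed sample inputs: (path, script_name)
CASES = [
    ("/myapp/page", "/myapp"),
    ("/myapplication/page", "/myapp"),
    ("/myapp", "/myapp"),
    ("/myapp/page", "/myapp/"),
    ("/page", ""),
]


def compare(cases=CASES):
    """Return (path, script_name, naive_result, segment_aware_result) rows."""
    return [
        (p, s, path_info_removeprefix(p, s), path_info_segment_aware(p, s))
        for p, s in cases
    ]


if __name__ == "__main__":
    for row in compare():
        print("path=%r script_name=%r naive=%r segment_aware=%r" % row)
```
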