Opened 9 years ago

Closed 9 years ago

#6219 closed (wontfix)

HTTP header charset restrictions are too tight

Reported by: mtredinnick Owned by: nobody
Component: Uncategorized Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


My reading of RFC 2616 (HTTP/1.1 spec) says that we're being too tough in our HTTP header handling. Section 4.2 says values can include text and quoted strings. Section 2.2 defines text (and quoted strings) to include any octet except some control characters.

Django currently insists that header values are in the ASCII range, which looks to be too small.

(This is a follow-up to #5956).

Change History (2)

comment:1 Changed 9 years ago by mtredinnick

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 9 years ago by mtredinnick

  • Resolution set to wontfix
  • Status changed from new to closed

Hmm .. upon thinking about this further and discussing it with ubernostrum, I think it's probably not worth doing this. It's not going to be useful in practice (RFC 2047 encoding is generally required and nobody implements the cookie RFCs correctly, which would be the exceptional case). Also, we're going to hit no end of WSGI-related problems (see this old thread for examples of why we can't expect the WSGI maintainers to change their requirements).

Note: See TracTickets for help on using tickets.
Back to Top