Opened 10 years ago

Closed 10 years ago

#6219 closed (wontfix)

HTTP header charset restrictions are too tight

Reported by: Malcolm Tredinnick Owned by: nobody
Component: Uncategorized Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


My reading of RFC 2616 (HTTP/1.1 spec) says that we're being too tough in our HTTP header handling. Section 4.2 says values can include text and quoted strings. Section 2.2 defines text (and quoted strings) to include any octet except some control characters.

Django currently insists that header values are in the ASCII range, which looks to be too small.

(This is a follow-up to #5956).

Change History (2)

comment:1 Changed 10 years ago by Malcolm Tredinnick

Triage Stage: UnreviewedAccepted

comment:2 Changed 10 years ago by Malcolm Tredinnick

Resolution: wontfix
Status: newclosed

Hmm .. upon thinking about this further and discussing it with ubernostrum, I think it's probably not worth doing this. It's not going to be useful in practice (RFC 2047 encoding is generally required and nobody implements the cookie RFCs correctly, which would be the exceptional case). Also, we're going to hit no end of WSGI-related problems (see this old thread for examples of why we can't expect the WSGI maintainers to change their requirements).

Note: See TracTickets for help on using tickets.
Back to Top