def _xsendfile_header(self):
header = self.xsendfile_header.strip()
if Request.is_valid_header(header):
return to_utf8(header)
else:
if not self._warn_xsendfile_header:
self._warn_xsendfile_header = True
self.log.warning("[trac] xsendfile_header is invalid: '%s'",
header)
return None
def _configurable_headers(self):
headers = []
invalids = []
for name, val in self.configurable_headers.options():
if Request.is_valid_header(name, val):
headers.append((name, val))
else:
invalids.append((name, val))
if invalids:
self.log.warning('[http-headers] invalid headers are ignored: %s',
', '.join('%r: %r' % i for i in invalids))
return tuple(headers)
def test_is_valid_header(self):
# Reserved headers not allowed.
for name in ('Content-Type', 'Content-Length', 'Location', 'ETag',
'Pragma', 'Cache-Control', 'Expires'):
self.assertFalse(Request.is_valid_header(name))
self.assertFalse(Request.is_valid_header(name.lower()))
# Control code not allowed in header value.
self.assertFalse(Request.is_valid_header('X-Custom-1', '\x00custom1'))
self.assertFalse(Request.is_valid_header('X-Custom-1', 'cust\x0aom1'))
self.assertFalse(Request.is_valid_header('X-Custom-1', 'custom1\x7f'))
# Only a subset of special characters allowed in header name.
self.assertFalse(Request.is_valid_header('X-Custom-(2)', 'custom2'))
self.assertFalse(Request.is_valid_header('X-Custom-:2:', 'custom2'))
self.assertTrue(
Request.is_valid_header('Aa0-!#$%&\'*+.^_`|~', 'custom2'))
