def _xsendfile_header(self):
    """Return the configured X-Sendfile header name, or None if invalid.

    The `xsendfile_header` setting is stripped of surrounding whitespace
    and checked with `Request.is_valid_header` before it is used, so a
    malformed name from the configuration is never handed back to the
    caller. A valid name is returned through `to_utf8`.

    The warning about an invalid setting is emitted only while
    `_warn_xsendfile_header` is unset; the flag is raised before logging.
    """
    candidate = self.xsendfile_header.strip()
    if not Request.is_valid_header(candidate):
        if not self._warn_xsendfile_header:
            self._warn_xsendfile_header = True
            # NOTE(review): the rejected value is logged with %s, so any
            # control characters it contains reach the log unescaped;
            # consider %r as in the [http-headers] warning.
            self.log.warning("[trac] xsendfile_header is invalid: '%s'",
                             candidate)
        return None
    return to_utf8(candidate)
def _configurable_headers(self):
    """Return the configured extra headers that pass validation.

    Every (name, value) pair from `self.configurable_headers.options()`
    is checked with `Request.is_valid_header`. Accepted pairs are returned
    as a tuple in configuration order; rejected pairs are dropped and
    reported together in a single warning.
    """
    accepted, rejected = [], []
    for name, val in self.configurable_headers.options():
        if Request.is_valid_header(name, val):
            bucket = accepted
        else:
            bucket = rejected
        bucket.append((name, val))
    if rejected:
        # %r escapes control characters, so a rejected name or value is
        # not written raw into the log.
        report = ', '.join('%r: %r' % pair for pair in rejected)
        self.log.warning('[http-headers] invalid headers are ignored: %s',
                         report)
    return tuple(accepted)
def test_is_valid_header(self):
    """Check which header names and values `is_valid_header` accepts."""
    is_valid = Request.is_valid_header

    # Reserved headers are rejected, in either letter case.
    reserved = ('Content-Type', 'Content-Length', 'Location', 'ETag',
                'Pragma', 'Cache-Control', 'Expires')
    for name in reserved:
        for spelling in (name, name.lower()):
            self.assertFalse(is_valid(spelling))

    # Control codes (NUL, LF, DEL) are rejected anywhere in a value; a
    # line feed in particular would let a value start a new header line.
    for value in ('\x00custom1', 'cust\x0aom1', 'custom1\x7f'):
        self.assertFalse(is_valid('X-Custom-1', value))

    # Header names accept only a subset of special characters:
    # parentheses and colons are refused.
    for name in ('X-Custom-(2)', 'X-Custom-:2:'):
        self.assertFalse(is_valid(name, 'custom2'))

    # The full set of permitted name characters is accepted.
    self.assertTrue(is_valid('Aa0-!#$%&\'*+.^_`|~', 'custom2'))