[issue34777] urllib.request accepts anything as a header parameter for some URLs

Mon, 24 Sep 2018 23:38:33 -0700 


Karthikeyan Singaravelan <tir.kar...@gmail.com> added the comment:

Thanks for the report. I tried similar requests and it works this way for other 
tools like curl since Akcept could be a custom header in some use cases though 
it could be a  typo in this context. There is no predefined set of media types 
that we need to validate as far as I can see from 
https://tools.ietf.org/html/rfc2616#section-14.1 and it depends on the server 
configuration to do validation. It's hard for Python to maintain a list of 
acceptable MIME types for validation across releases. A list of registered MIME 
types that is updated periodically : 
https://www.iana.org/assignments/media-types/media-types.xhtml and RFC for 
registration : https://tools.ietf.org/html/rfc6838

Some sample requests from curl with invalid headers.

curl -X GET https://httpbin.org/get -H 'Authorization: Token 
bc23f14356c114a8ffa319773583426878b7b37f' -H 'Cache-Control: no-cache' -H 
'Content-Type: application/json' -H 'Akcept: tekst/csv'
{
  "args": {},
  "headers": {
    "Accept": "*/*",
    "Akcept": "tekst/csv",
    "Authorization": "Token bc23f14356c114a8ffa319773583426878b7b37f",
    "Cache-Control": "no-cache",
    "Connection": "close",
    "Content-Type": "application/json",
    "Host": "httpbin.org",
    "User-Agent": "curl/7.37.1"
  },
  "origin": "182.73.135.26",
  "url": "https://httpbin.org/get";
}

curl -X GET https://httpbin.org/get -H 'Authorization: Token 
bc23f14356c114a8ffa319773583426878b7b37f' -H 'Cache-Control: no-cache' -H 
'Content-Type: application/json' -H 'Accept: tekst'
{
  "args": {},
  "headers": {
    "Accept": "tekst",
    "Authorization": "Token bc23f14356c114a8ffa319773583426878b7b37f",
    "Cache-Control": "no-cache",
    "Connection": "close",
    "Content-Type": "application/json",
    "Host": "httpbin.org",
    "User-Agent": "curl/7.37.1"
  },
  "origin": "182.73.135.26",
  "url": "https://httpbin.org/get";
}

Feel free to add in if I am missing something here but I think it's hard for 
Python to maintain the updated list and adding warning/error might break 
someone's code.

Thanks

----------
nosy: +xtreak

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue34777>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to