wsgi: discard trailers#1062
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #1062 +/- ##
======================================
- Coverage 57% 57% -1%
======================================
Files 89 89
Lines 9873 9878 +5
Branches 1648 1649 +1
======================================
- Hits 5672 5658 -14
- Misses 3842 3872 +30
+ Partials 359 348 -11
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Hello, Thank you for proposing that change. Just to be sure about the motivation behind this patch, is it to address a request smuggling vulnerability, like the one in aiohttp? |
|
Hello, yes exactly. In wsgi, only one line after the final chunk was being read, leaving the trailers in the buffer. I've added logic to continue reading until the last trailer is processed. |
|
Thanks for your answer. LGTM. I'm gonna go to merge it and to release it. |
|
Fix included in accepted release 4.16.0-0.nightly-2026-01-20-190315 |
|
Fix included in accepted release 4.15.0-0.nightly-2026-01-23-004257 |
|
Fix included in accepted release 4.15.0-0.nightly-2026-01-23-102229 |
|
Fix included in accepted release 4.14.0-0.nightly-2026-01-26-153049 |
|
Fix included in accepted release 4.13.0-0.nightly-2026-02-10-163022 |
|
Fix included in accepted release 4.12.0-0.nightly-2026-02-19-132245 |
No description provided.