From b514dc14f4e1c364341f5931b354e83ef15ee12d Mon Sep 17 00:00:00 2001 From: Konstantin Alekseev Date: Thu, 6 Dec 2018 18:08:01 +0300 Subject: [PATCH] Fixed #30015 -- Ensured request body is properly consumed for keep-alive connections. --- django/core/servers/basehttp.py | 19 +++++++++++++++++++ tests/servers/tests.py | 17 +++++++++++++++++ tests/servers/urls.py | 1 + tests/servers/views.py | 6 ++++++ 4 files changed, 43 insertions(+) diff --git a/django/core/servers/basehttp.py b/django/core/servers/basehttp.py index 8a36b67eef..01487527f8 100644 --- a/django/core/servers/basehttp.py +++ b/django/core/servers/basehttp.py @@ -14,6 +14,7 @@ import sys from wsgiref import simple_server from django.core.exceptions import ImproperlyConfigured +from django.core.handlers.wsgi import LimitedStream from django.core.wsgi import get_wsgi_application from django.utils.module_loading import import_string @@ -80,6 +81,20 @@ class ThreadedWSGIServer(socketserver.ThreadingMixIn, WSGIServer): class ServerHandler(simple_server.ServerHandler): http_version = '1.1' + def __init__(self, stdin, stdout, stderr, environ, **kwargs): + """ + Setup a limited stream, so we can discard unread request data + at the end of the request. Django already uses `LimitedStream` + in `WSGIRequest` but it shouldn't discard the data since the + upstream servers usually do this. Hence we fix this only for + our testserver/runserver. + """ + try: + content_length = int(environ.get('CONTENT_LENGTH')) + except (ValueError, TypeError): + content_length = 0 + super().__init__(LimitedStream(stdin, content_length), stdout, stderr, environ, **kwargs) + def cleanup_headers(self): super().cleanup_headers() # HTTP/1.1 requires us to support persistent connections, so @@ -92,6 +107,10 @@ class ServerHandler(simple_server.ServerHandler): if self.headers.get('Connection') == 'close': self.request_handler.close_connection = True + def close(self): + self.get_stdin()._read_limited() + super().close() + def handle_error(self): # Ignore broken pipe errors, otherwise pass on if not is_broken_pipe_error(): diff --git a/tests/servers/tests.py b/tests/servers/tests.py index e38cb5eb07..5917e30d24 100644 --- a/tests/servers/tests.py +++ b/tests/servers/tests.py @@ -111,6 +111,23 @@ class LiveServerViews(LiveServerBase): finally: conn.close() + def test_keep_alive_connection_clears_previous_request_data(self): + conn = HTTPConnection(LiveServerViews.server_thread.host, LiveServerViews.server_thread.port) + try: + conn.request('POST', '/method_view/', b'{}', headers={"Connection": "keep-alive"}) + response = conn.getresponse() + self.assertFalse(response.will_close) + self.assertEqual(response.status, 200) + self.assertEqual(response.read(), b'POST') + + conn.request('POST', '/method_view/', b'{}', headers={"Connection": "close"}) + response = conn.getresponse() + self.assertFalse(response.will_close) + self.assertEqual(response.status, 200) + self.assertEqual(response.read(), b'POST') + finally: + conn.close() + def test_404(self): with self.assertRaises(HTTPError) as err: self.urlopen('/') diff --git a/tests/servers/urls.py b/tests/servers/urls.py index 9017161808..0a8a2984aa 100644 --- a/tests/servers/urls.py +++ b/tests/servers/urls.py @@ -11,4 +11,5 @@ urlpatterns = [ url(r'^subview_calling_view/$', views.subview_calling_view), url(r'^subview/$', views.subview), url(r'^check_model_instance_from_subview/$', views.check_model_instance_from_subview), + url(r'^method_view/$', views.method_view), ] diff --git a/tests/servers/views.py b/tests/servers/views.py index 078be67f46..1db56f44a3 100644 --- a/tests/servers/views.py +++ b/tests/servers/views.py @@ -1,6 +1,7 @@ from urllib.request import urlopen from django.http import HttpResponse, StreamingHttpResponse +from django.views.decorators.csrf import csrf_exempt from .models import Person @@ -42,3 +43,8 @@ def check_model_instance_from_subview(request): pass with urlopen(request.GET['url'] + '/model_view/') as response: return HttpResponse('subview calling view: {}'.format(response.read().decode())) + + +@csrf_exempt +def method_view(request): + return HttpResponse(request.method)