Skip to content

Commit

Permalink
decode HTTP request headers as iso-8859-1, not utf-8 (fixes #533)
Browse files Browse the repository at this point in the history
  • Loading branch information
Tobias Oberstein committed Feb 1, 2016
1 parent 0b9342a commit 1b35fa9
Showing 1 changed file with 14 additions and 5 deletions.
19 changes: 14 additions & 5 deletions autobahn/websocket/protocol.py
Original file line number Diff line number Diff line change
Expand Up @@ -290,11 +290,19 @@ def parseHttpHeader(data):
FOR INTERNAL USE ONLY!
:param data: The HTTP header data up to the \n\n line.
:type data: str
:type data: bytes
:returns: tuple -- Tuple of HTTP status line, headers and headers count.
"""
raw = data.decode('utf8').splitlines()
# By default, message header field parameters in Hypertext Transfer
# Protocol (HTTP) messages cannot carry characters outside the ISO-
# 8859-1 character set.
#
# See:
# - http://tools.ietf.org/html/rfc5987
# - https://github.com/crossbario/autobahn-python/issues/533
#
raw = data.decode('iso-8859-1').splitlines()
http_status_line = raw[0].strip()
http_headers = {}
http_headers_cnt = {}
Expand All @@ -303,8 +311,6 @@ def parseHttpHeader(data):
if i > 0:
# HTTP header keys are case-insensitive
key = h[:i].strip().lower()

# not sure if UTF-8 is allowed for HTTP header values..
value = h[i + 1:].strip()

# handle HTTP headers split across multiple lines
Expand Down Expand Up @@ -2446,7 +2452,10 @@ def processHandshake(self):

# extract HTTP status line and headers
#
(self.http_status_line, self.http_headers, http_headers_cnt) = parseHttpHeader(self.http_request_data)
try:
self.http_status_line, self.http_headers, http_headers_cnt = parseHttpHeader(self.http_request_data)
except Exception as e:
return self.failHandshake("Error during parsing of HTTP status line / request headers : {0}".format(e))

# validate WebSocket opening handshake client request
#
Expand Down

0 comments on commit 1b35fa9

Please sign in to comment.