bug fix for StaticContent and CachingMiddleware

PEP333 says that the headers list passed to start_response may be modified by servers or middlewares. In fact this happens in DigestAuthMiddleware. The StaticContent and CachingMiddleware classes did not take this into account and returned the same headers list multiple times which is wrong and can lead to denial of service.
author: Helmut Grohne <helmut@subdivi.de> 2011-01-12 21:20:21 +0100
committer: Helmut Grohne <helmut@subdivi.de> 2011-01-12 21:20:21 +0100
commit: 8f0c538410f94e18146a3514ba2284af89cbcf59 (patch)
tree: 9fa8a778f2241041fa73cc95e6bd7fd11aa10579 /wsgitools/applications.py
parent: 5743d081855fb71db736e6319b1deb6363994c0c (diff)
download: wsgitools-8f0c538410f94e18146a3514ba2284af89cbcf59.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/wsgitools/applications.py b/wsgitools/applications.py
index 63ed63c..8a02fe8 100644
--- a/wsgitools/applications.py
+++ b/wsgitools/applications.py
@@ -54,7 +54,7 @@ class StaticContent:
             start_response("501 Not Implemented",
                            [("Content-length", str(len(resp)))])
             return [resp]
-        start_response(self.status, self.headers)
+        start_response(self.status, list(self.headers))
         if environ["REQUEST_METHOD"].upper() == "HEAD":
             return []
         return self.content
author	Helmut Grohne <helmut@subdivi.de>	2011-01-12 21:20:21 +0100
committer	Helmut Grohne <helmut@subdivi.de>	2011-01-12 21:20:21 +0100
commit	8f0c538410f94e18146a3514ba2284af89cbcf59 (patch)
tree	9fa8a778f2241041fa73cc95e6bd7fd11aa10579 /wsgitools/applications.py
parent	5743d081855fb71db736e6319b1deb6363994c0c (diff)
download	wsgitools-8f0c538410f94e18146a3514ba2284af89cbcf59.tar.gz