author | Helmut Grohne <helmut@subdivi.de> | 2011-01-12 21:20:21 +0100 |
---|---|---|
committer | Helmut Grohne <helmut@subdivi.de> | 2011-01-12 21:20:21 +0100 |
commit | 8f0c538410f94e18146a3514ba2284af89cbcf59 (patch) | |
tree | 9fa8a778f2241041fa73cc95e6bd7fd11aa10579 /wsgitools/middlewares.py | |
parent | 5743d081855fb71db736e6319b1deb6363994c0c (diff) | |
bug fix for StaticContent and CachingMiddleware
PEP333 says that the headers list passed to start_response may be modified by
servers or middlewares. In fact this happens in DigestAuthMiddleware. The
StaticContent and CachingMiddleware classes did not take this into account and
returned the same headers list multiple times which is wrong and can lead to
denial of service.
Diffstat (limited to 'wsgitools/middlewares.py')
-rw-r--r-- | wsgitools/middlewares.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/wsgitools/middlewares.py b/wsgitools/middlewares.py
index 46a93f5..654f5db 100644
--- a/wsgitools/middlewares.py
+++ b/wsgitools/middlewares.py
@@ -260,7 +260,7 @@ class CachingMiddleware:
 if path in self.cache and self.cacheable(environ):
 cache_object = self.cache[path]
 if cache_object[0] + self.maxage >= now:
- start_response(cache_object[1], cache_object[2])
+ start_response(cache_object[1], list(cache_object[2]))
 return cache_object[3]
 else:
 del self.cache[path]
@@ -272,7 +272,7 @@ class CachingMiddleware:
 return self.app(status, headers, exc_info)
 cache_object[1] = status
 cache_object[2] = headers
- write = start_response(status, headers)
+ write = start_response(status, list(headers))
 def modified_write(data):
 cache_object[3].append(data)
 write(data)
|
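Review bot: `return cache_object[3]`, the line right after the fixed call in the first hunk, still hands the cached body list itself to every caller, so the aliasing this commit removes for the headers remains for the body. The commit message only cites PEP 333 for mutation of the headers list, so this is defensive, but a server or middleware that alters the returned iterable would change the cached response for all later requests. Returning `list(cache_object[3])` would keep the cache entry private. The shallow copy `list(cache_object[2])` is enough only while each header entry is an immutable tuple, and a comment such as `# copy: callers may mutate the headers list (PEP 333)` would record why it is there. The enclosing method starts and ends outside the hunk.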
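Review bot: `cache_object[2] = headers` in the second hunk still stores the wrapped application's own list in the cache, while only the copy goes to `start_response`. The cache entry is now isolated from downstream mutation, but if the application reuses or later mutates the list it passed in, the cached headers change with it. Storing a copy as well, `cache_object[2] = list(headers)`, closes that side. Separately, the context line `return self.app(status, headers, exc_info)` passes start_response-style arguments to the WSGI application; its guarding condition is outside the hunk, but it looks as if `start_response(status, headers, exc_info)` was intended, which is worth confirming.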