Multiple HTTP message-header fields are not properly represented in HTTPRequest.environ
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Low
|
Unassigned |
Bug Description
RFC 2616 (HTTP 1.1) allows multiple header lines with the same header name (see RFC2616, section 4.2), but only the first of these lines is copied into ZPublisher.
Example: Access a Zope server through a "client-side proxy" like squid and through Pound, run as a revers proxy in front of Zope. Squid inserts the HTTP header line
> X-Forwarded-for: 1.2.3.4
and Pound appends the line
> X-Forwarded-for: 2.3.4.5
to the request header.
but the output of <dtml-var REQUEST> will only show
> HTTP_X_
Since the header fields are stored in a dictionary, the two header lines must be merged into one line.
This can be done in ZServer.
> env_has=env.has_key
> for header in request.header:
> key,value=
> key=key.lower()
> value=value.strip()
> if h2ehas(key) and value:
> env[h2eget(
> else:
> key='HTTP_%s' % ("_".join(
> if value and not env_has(key):
> env[key]=value
> env.update(
> return env
Changing the last lines to
> if value and not env_has(key):
> env[key]=value
> else:
> env[key] += ', ' + value
> env.update(
> return env
stores all header data int he environment dictionary.
Changed in zope2: | |
status: | New → Triaged |
I would like to this fixed, too, but I think this should happen already in medusa/ http_server. py.
Wouldn't the join_headers() function be a good place to do so? IMO, it could build a header-cache along the way, which in turn could relieve all these get_header_*() methods with their many "for line in header" loops.
Would this make sense?