| Age | Commit message (Collapse) | Author |
|
Migrated `WSGIRequestHandler.log_message()` to use a more robust
`log_message()` helper, which was based of `log_response()` via factoring out
the common bits.
Refs CVE-2025-48432.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
|
|
Rewrapped long docstrings and block comments to 79 characters + newline
using script from https://github.com/medmunds/autofix-w505.
|
|
for HEAD requests.
|
|
Thanks Florian Apolloner for the review.
|
|
Co-authored-by: jannschu <jannik.schuerg@posteo.de>
|
|
The current implementation of LimitedStream is slow because .read()
performs an extra copy into a buffer and .readline() performs two
extra copies. The stream being wrapped is already typically a BytesIO
object so this is unnecessary.
This implementation has largely been untouched for 12 years and,
inspired by a simpler implementation in werkzeug, it was possible to
achieve the following performance improvement:
LimitedStream.read() (single line):
Mean +- std dev: [bench_limitedstream-main] 286 ns +- 6 ns
-> [bench_limitedstream-patch] 227 ns +- 6 ns: 1.26x faster
LimitedStream.readline() (single line):
Mean +- std dev: [bench_limitedstream-main] 507 ns +- 11 ns
-> [bench_limitedstream-patch] 232 ns +- 8 ns: 2.18x faster
LimitedStream.read(8192) (single line):
Mean +- std dev: [bench_limitedstream-main] 360 ns +- 8 ns
-> [bench_limitedstream-patch] 297 ns +- 6 ns: 1.21x faster
LimitedStream.readline(8192) (single line):
Mean +- std dev: [bench_limitedstream-main] 602 ns +- 10 ns
-> [bench_limitedstream-patch] 305 ns +- 10 ns: 1.98x faster
LimitedStream.read() (multiple lines):
Mean +- std dev: [bench_limitedstream-main] 290 ns +- 5 ns
-> [bench_limitedstream-patch] 236 ns +- 6 ns: 1.23x faster
LimitedStream.readline() (multiple lines):
Mean +- std dev: [bench_limitedstream-main] 517 ns +- 19 ns
-> [bench_limitedstream-patch] 239 ns +- 7 ns: 2.16x faster
LimitedStream.read(8192) (multiple lines):
Mean +- std dev: [bench_limitedstream-main] 363 ns +- 8 ns
-> [bench_limitedstream-patch] 311 ns +- 11 ns: 1.17x faster
LimitedStream.readline(8192) (multiple lines):
Mean +- std dev: [bench_limitedstream-main] 601 ns +- 12 ns
-> [bench_limitedstream-patch] 308 ns +- 7 ns: 1.95x faster
Geometric mean: 1.59x faster
|
|
Follow up to 0bc5cd628042bf0a44df60a93085a4f991a84dfb.
|
|
|
|
ThreadedWSGIServer is used by LiveServerTestCase.
|
|
ConnectionAbortedError, BrokenPipeError, ConnectionResetError raised
from SocketServer.BaseServer.finish_request() are already suppressed
by wsgiref.handlers.BaseHandler.run() in Python 3.7+, see
https://github.com/python/cpython/commit/47ffc1a9f6fab1c17cdcc325d4af066317369ed7
|
|
ConnectionAbortedError/ConnectionResetError errors.
See https://bugs.python.org/issue27682 and
https://github.com/python/cpython/pull/9713
|
|
Browsers often use multiple connections with Connection: keep-alive.
If --nothreading is specified, the WSGI server cannot accept new
connections until the old connection is closed, causing hangs.
Force Connection: close when --nothreading option is used.
|
|
Used more specific errors (e.g. FileExistsError) as appropriate.
|
|
|
|
connections.
|
|
Ticket #25619 changed the default protocol to HTTP/1.1 but did not
properly implement keep-alive. As a "fix" keep-alive was disabled in
ticket #28440 to prevent clients from hanging (they expect the server to
send more data if the connection is not closed and there is no content
length set).
The combination of those two fixes resulted in yet another problem:
HTTP/1.1 by default allows a client to assume that keep-alive is
supported unless the server disables it via 'Connection: close' -- see
RFC2616 8.1.2.1 for details on persistent connection negotiation. Now if
the client receives a response from Django without 'Connection: close'
and immediately sends a new request (on the same tcp connection) before
our server closes the tcp connection, it will error out at some point
because the connection does get closed a few milli seconds later.
This patch fixes the mentioned issues by always sending 'Connection:
close' if we cannot determine a content length. The code is inefficient
in the sense that it does not allow for persistent connections when
chunked responses are used, but that should not really cause any
problems (Django does not generate those) and it only affects the
development server anyways.
Refs #25619, #28440.
|
|
|
|
Disabled keep-alive to fix the regression in
e6065c7b8363202c5eb13ba10c97a8c24d014b45.
|
|
Thanks Tim Graham for the review.
|
|
|
|
The method customization was removed in 2ca00faa9137.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Thanks Tim Graham for the review.
|
|
|
|
extensibility.
|
|
Thanks Tim Graham and Loïc Bistuer for the reviews.
|
|
Thanks andreif for the contributing to the patch.
|
|
Prevented LiveServerTestCase from stealing ports used by concurrent
processes on Windows.
|
|
|
|
|
|
|
|
|
|
This is a security fix. Disclosure following shortly.
Thanks to Jedediah Smith for the report.
|
|
|
|
One handler in WSGIServer, to catch the error when raised from
SocketServer.BaseServer's finish_request, and one in WSGIRequestHandler
(by creating a subclass of ServerHandler), to catch the error when
raised in wsgiref.handlers.BaseHandler's finish_response.
|
|
Thanks Loic Bistuer for helping in shaping the patch and Claude Paroz
for the review.
|
|
|
|
Thanks clime for the report.
|
|
|
|
It has been only used in the builtin_servers tests since Django 1.4.
|
|
import_string().
Thanks Aymeric Augustin for the suggestion and review.
|
|
Filtering out static file requests in runserver has been judged
arbitrary and can hide some debugging-related activity.
Thanks Roy Smith for the report and Aymeric Augustin for the
review.
|
|
|