Fixed #10188: prevent newlines in HTTP headers. Thanks, bthomas.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@10711 bcc190cf-cafb-0310-a4f2-bffc1f526a37
author: Jacob Kaplan-Moss <jacob@jacobian.org> 2009-05-08 11:15:23 +0000
committer: Jacob Kaplan-Moss <jacob@jacobian.org> 2009-05-08 11:15:23 +0000
commit: 155ab07a5d40f5e0a426423cb8df3868a37a02f8 (patch)
tree: b75328ea129d70b5b15a125a8fa4649622c4703b /docs
parent: a7faf6424a8193cbf8a3a8d017461188fe9ea9c9 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/docs/ref/request-response.txt b/docs/ref/request-response.txt
index 6b29b3bb61..8701c76235 100644
--- a/docs/ref/request-response.txt
+++ b/docs/ref/request-response.txt
@@ -445,6 +445,11 @@ To set a header in your response, just treat it like a dictionary::
     >>> response = HttpResponse()
     >>> response['Pragma'] = 'no-cache'
 
+.. versionadded:: 1.1
+
+HTTP headers cannot contain newlines. An attempt to set a header containing a
+newline character (CR or LF) will raise ``BadHeaderError``
+
 Telling the browser to treat the response as a file attachment
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author	Jacob Kaplan-Moss <jacob@jacobian.org>	2009-05-08 11:15:23 +0000
committer	Jacob Kaplan-Moss <jacob@jacobian.org>	2009-05-08 11:15:23 +0000
commit	155ab07a5d40f5e0a426423cb8df3868a37a02f8 (patch)
tree	b75328ea129d70b5b15a125a8fa4649622c4703b /docs
parent	a7faf6424a8193cbf8a3a8d017461188fe9ea9c9 (diff)