Stop stomping on Twisted's header dict

2024-11-21 15:36:33 +03:00 · 2016-02-05 17:41:14 -08:00 · 2016-02-05 17:41:14 -08:00 · 40ed9625c3
commit 40ed9625c3
parent b86c8a0164
2 changed files with 4 additions and 4 deletions
--- a/daphne/http_protocol.py
+++ b/daphne/http_protocol.py
@ -41,12 +41,12 @@ class WebRequest(http.Request):
        if b"?" in self.uri:
            self.query_string = self.uri.split(b"?", 1)[1]
        # Sanitize headers
-        self.headers = {}
+        self.clean_headers = {}
        for name, value in self.requestHeaders.getAllRawHeaders():
            # Prevent CVE-2015-0219
            if b"_" in name:
                continue
-            self.headers[name.lower().decode("latin1")] = value[0]
+            self.clean_headers[name.lower().decode("latin1")] = value[0]
        # Is it WebSocket? IS IT?!
        if upgrade_header == "websocket":
            # Make WebSocket protocol to hand off to
@ -88,7 +88,7 @@ class WebRequest(http.Request):
                "path": self.path,
                "scheme": "http",
                "query_string": self.query_string,
-                "headers": self.headers,
+                "headers": self.clean_headers,
                "body": self.content.read(),
                "client": [self.client.host, self.client.port],
                "server": [self.host.host, self.host.port],
--- a/daphne/ws_protocol.py
+++ b/daphne/ws_protocol.py
@ -21,7 +21,7 @@ class WebSocketProtocol(WebSocketServerProtocol):
    def onConnect(self, request):
        self.request_info = {
            "path": request.path,
-            "headers": self.headers,
+            "headers": self.clean_headers,
            "query_string": request.query_string,
            "client": [request.client.host, request.client.port],
            "server": [request.host.host, request.host.port],