mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-25 03:09:15 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #36399 -- Added support for multiple Cookie headers in HTTP/2 for ASGIRequest.

Browse Source 
Signed-off-by: SaJH <wogur981208@gmail.com>
This commit is contained in:
SaJH 2025-08-20 22:54:46 +09:00 committed by Sarah Boyce
parent ed7c1a5640
commit f2a6c0477f
3 changed files with 38 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
django/core/handlers/asgi.py
View File

@ -94,7 +94,11 @@ class ASGIRequest(HttpRequest):
# HTTP/2 say only ASCII chars are allowed in headers, but decode # HTTP/2 say only ASCII chars are allowed in headers, but decode
# latin1 just in case. # latin1 just in case.
value = value.decode("latin1") value = value.decode("latin1")
if corrected_name in self.META: if corrected_name == "HTTP_COOKIE":
value = value.rstrip("; ")
if "HTTP_COOKIE" in self.META:
value = self.META[corrected_name] + "; " + value
elif corrected_name in self.META:
value = self.META[corrected_name] + "," + value value = self.META[corrected_name] + "," + value
self.META[corrected_name] = value self.META[corrected_name] = value
# Pull out request encoding, if provided. # Pull out request encoding, if provided.

3
docs/releases/6.0.txt
View File

@ -333,7 +333,8 @@ Pagination
Requests and Responses Requests and Responses
~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
* ... * Multiple ``Cookie`` headers are now supported for HTTP/2 requests when
running with ASGI.
Security Security
~~~~~~~~ ~~~~~~~~

31
tests/asgi/tests.py
View File

@ -732,3 +732,34 @@ class ASGITest(SimpleTestCase):
await handler.read_body(receive_rolled) await handler.read_body(receive_rolled)
# The second write should have rolled over to disk. # The second write should have rolled over to disk.
self.assertTrue(any(t != loop_thread for t in called_threads)) self.assertTrue(any(t != loop_thread for t in called_threads))
def test_multiple_cookie_headers_http2(self):
test_cases = [
{
"label": "RFC-compliant headers (no semicolon)",
"headers": [
(b"cookie", b"a=abc"),
(b"cookie", b"b=def"),
(b"cookie", b"c=ghi"),
],
},
{
# Some clients may send cookies with trailing semicolons.
"label": "Headers with trailing semicolons",
"headers": [
(b"cookie", b"a=abc;"),
(b"cookie", b"b=def;"),
(b"cookie", b"c=ghi;"),
],
},
]
for case in test_cases:
with self.subTest(case["label"]):
scope = self.async_request_factory._base_scope(
path="/", http_version="2.0"
)
scope["headers"] = case["headers"]
request = ASGIRequest(scope, None)
self.assertEqual(request.META["HTTP_COOKIE"], "a=abc; b=def; c=ghi")
self.assertEqual(request.COOKIES, {"a": "abc", "b": "def", "c": "ghi"})