Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sending default 'Server' header when failing on wrong HTTP method #8870

Closed
1 task done
dlipeev opened this issue Aug 23, 2024 · 6 comments
Closed
1 task done

Sending default 'Server' header when failing on wrong HTTP method #8870

dlipeev opened this issue Aug 23, 2024 · 6 comments

Comments

@dlipeev
Copy link

dlipeev commented Aug 23, 2024

Describe the bug

When server receives HTTP request with wrong HTTP method (not one of GET,POST ...etc...) response contains a default SERVER_SOFTWARE value even if SERVER_SOFTWARE values was changed.

To Reproduce

  1. Implement a simplest web server with aiohttp 3.9.5
  2. Then run curl -vv -X HZ h:z@127.0.0.1:8080/

Expected behavior

After changing SERVER_SOFTWARE it must be modified in all scopes.

Logs/tracebacks

root@desktop:/tmp# curl -vv -s -X HZ zal:upa@192.168.88.24:8080/
*   Trying 192.168.88.24:8080...
* TCP_NODELAY set
* Connected to 192.168.88.24 (192.168.88.24) port 8080 (#0)
* Server auth using Basic with user 'zal'
> HZ / HTTP/1.1
> Host: 192.168.88.24:8080
> Authorization: Basic emFsOnVwYQ==
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad Request
< Content-Type: text/plain; charset=utf-8
< Content-Length: 54
< Date: Thu, 22 Aug 2024 12:31:28 GMT
< Server: Python/3.11 aiohttp/3.9.5
< 
Invalid method encountered:

  b'-s / HTTP/1.1'

Python Version

Python 3.11.8

aiohttp Version

3.9.5

multidict Version

Version: 6.0.5

yarl Version

Version: 1.9.4

OS

Linux

Related component

Server

Additional context

No response

Code of Conduct

  • I agree to follow the aio-libs Code of Conduct
@dlipeev dlipeev added the bug label Aug 23, 2024
@Dreamsorcerer
Copy link
Member

Can you provide a complete reproducer? It's not clear what is meant by "SERVER_SOFTWARE values was changed" or how you're doing it...

@dlipeev
Copy link
Author

dlipeev commented Aug 23, 2024

reproducing

from aiohttp import web, http

async def handler(request):
    text = "123"
    return web.Response(text=text)

async def make_app():
    app = web.Application()
    http.SERVER_SOFTWARE = 'failing server'
    # secret_key must be 32 url-safe base64-encoded bytes
    app.add_routes([web.get('/', handler)])
    return app

web.run_app(make_app())

then run curl -vv -X HZ h:z@127.0.0.1:8080/

response header Server: Python/3.11 aiohttp/3.9.5 instead of failing server

@Dreamsorcerer
Copy link
Member

OK, I don't think that's a supported way to change the header. I assume that the default handler takes a reference on import, before you've changed the global.

@Dreamsorcerer
Copy link
Member

I only see it referenced in one place, so I don't see any reason the behaviour would be different whether the method is correct or not...

I think the correct way to handle this would be a middleware, but I think middlewares may not run on system routes (e.g. when a matching handler is not found), though I think this is something we could consider changing.

@Dreamsorcerer Dreamsorcerer removed the bug label Aug 23, 2024
@webknjaz
Copy link
Member

#3607 (comment)

@Dreamsorcerer
Copy link
Member

That should work.

@Dreamsorcerer Dreamsorcerer closed this as not planned Won't fix, can't repro, duplicate, stale Aug 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@webknjaz @Dreamsorcerer @dlipeev