Warning instead of error when base prefix ends with '/'

Workaround for #1210
This commit is contained in:
Unrud 2022-01-26 21:37:46 +01:00
parent e4cc73098a
commit 2cbbd4dc9c
2 changed files with 23 additions and 8 deletions

View File

@ -191,13 +191,16 @@ class Application(ApplicationPartDelete, ApplicationPartHead,
base_prefix_src = ("HTTP_X_SCRIPT_NAME" if "HTTP_X_SCRIPT_NAME" in base_prefix_src = ("HTTP_X_SCRIPT_NAME" if "HTTP_X_SCRIPT_NAME" in
environ else "SCRIPT_NAME") environ else "SCRIPT_NAME")
base_prefix = environ.get(base_prefix_src, "") base_prefix = environ.get(base_prefix_src, "")
if base_prefix and (base_prefix[0] != "/" or base_prefix[-1] == "/"): if base_prefix and base_prefix[0] != "/":
logger.error("Base prefix (from %s) must %s with '/': %r", logger.error("Base prefix (from %s) must start with '/': %r",
base_prefix_src, "not end" if base_prefix[-1] == "/" base_prefix_src, base_prefix)
else "start", base_prefix)
if base_prefix_src == "HTTP_X_SCRIPT_NAME": if base_prefix_src == "HTTP_X_SCRIPT_NAME":
return response(*httputils.BAD_REQUEST) return response(*httputils.BAD_REQUEST)
return response(*httputils.INTERNAL_SERVER_ERROR) return response(*httputils.INTERNAL_SERVER_ERROR)
if base_prefix.endswith("/"):
logger.warning("Base prefix (from %s) must not end with '/': %r",
base_prefix_src, base_prefix)
base_prefix = base_prefix.rstrip("/")
logger.debug("Base prefix (from %s): %r", base_prefix_src, base_prefix) logger.debug("Base prefix (from %s): %r", base_prefix_src, base_prefix)
# Sanitize request URI (a WSGI server indicates with an empty path, # Sanitize request URI (a WSGI server indicates with an empty path,
# that the URL targets the application root without a trailing slash) # that the URL targets the application root without a trailing slash)

View File

@ -67,8 +67,14 @@ permissions: RrWw""")
def test_root_broken_script_name(self) -> None: def test_root_broken_script_name(self) -> None:
"""GET request at "/" with SCRIPT_NAME ending with "/".""" """GET request at "/" with SCRIPT_NAME ending with "/"."""
for script_name in ["/", "/radicale/", "radicale"]: for script_name, prefix in [
self.get("/", check=500, SCRIPT_NAME=script_name) ("/", ""), ("//", ""), ("/radicale/", "/radicale"),
("radicale", None), ("radicale//", None)]:
_, headers, _ = self.request(
"GET", "/", check=500 if prefix is None else 302,
SCRIPT_NAME=script_name)
assert (prefix is None or
headers.get("Location") == prefix + "/.web")
def test_root_http_x_script_name(self) -> None: def test_root_http_x_script_name(self) -> None:
"""GET request at "/" with HTTP_X_SCRIPT_NAME.""" """GET request at "/" with HTTP_X_SCRIPT_NAME."""
@ -79,8 +85,14 @@ permissions: RrWw""")
def test_root_broken_http_x_script_name(self) -> None: def test_root_broken_http_x_script_name(self) -> None:
"""GET request at "/" with HTTP_X_SCRIPT_NAME ending with "/".""" """GET request at "/" with HTTP_X_SCRIPT_NAME ending with "/"."""
for script_name in ["/", "/radicale/", "radicale"]: for script_name, prefix in [
self.get("/", check=400, HTTP_X_SCRIPT_NAME=script_name) ("/", ""), ("//", ""), ("/radicale/", "/radicale"),
("radicale", None), ("radicale//", None)]:
_, headers, _ = self.request(
"GET", "/", check=400 if prefix is None else 302,
HTTP_X_SCRIPT_NAME=script_name)
assert (prefix is None or
headers.get("Location") == prefix + "/.web")
def test_sanitized_path(self) -> None: def test_sanitized_path(self) -> None:
"""GET request with unsanitized paths.""" """GET request with unsanitized paths."""