Closed as not planned
Description
Subject
Passing a non-ASCII 'str' as a body with a manually defined 'Content-Length' produces an invalid request.
We are trusting the user input instead of internal mechanisms.
Should we allow trusting 'Content-Length' in that specific case? I know requests relies "incorrectly" on that behavior.
It was not detected until my experiment in #3030 because http.client is lax. h11 did raise an InternalProtocolError as expected.
Originally found while doing downstream requests tests.
tests/test_requests.py::TestRequests::test_unicode_header_name
Environment
- urllib3 2.0.x
- urllib3 1.26.x
On any (supported) Python 3 interpreter or Operating system.
Steps to Reproduce
from urllib3 import request

if __name__ == "__main__":
    resp = request("POST", "http://localhost:3000", body="🚀", headers={"Content-Length": "1"})
Expected Behavior
with fake server dumps.
b"""POST / HTTP/1.1\r\nHost: localhost:3000\r\nAccept-Encoding: identity\r\nUser-Agent: python-urllib3/2.0.915\r\nContent-Length: 4\r\n\r\n\xf0\x9f\x9a\x80"""
Actual Behavior
b"""POST / HTTP/1.1\r\nHost: localhost:3000\r\nAccept-Encoding: identity\r\nUser-Agent: python-urllib3/2.0.915\r\nContent-Length: 1\r\n\r\n\xf0\x9f\x9a\x80"""
Fix
Maybe an acceptable fix? bd10e96#diff-542c95910a277028550d2c8943e8c49bbcb10f9af96e35d0a0eee99b8cfe9e8cR355
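An added example, not part of the original report and not urllib3 code: it shows how a receiver that honors the declared `Content-Length` frames the "Actual Behavior" dump, and one way a client could reject a caller-supplied length that disagrees with the encoded body. The helper names are hypothetical, and UTF-8 encoding of `str` bodies is assumed from the dumps above.

```python
# Added example; function names are hypothetical, not urllib3 APIs.

def encode_body(body):
    """Bytes that go on the wire; str is encoded as UTF-8 (assumed from the dumps)."""
    return body.encode("utf-8") if isinstance(body, str) else bytes(body)


def check_content_length(body, headers):
    """Return headers whose Content-Length equals the encoded body size.

    Raises ValueError when the caller declared a different length.
    """
    data = encode_body(body)
    declared = next(
        (v for k, v in headers.items() if k.lower() == "content-length"), None
    )
    if declared is not None and int(declared) != len(data):
        raise ValueError(f"Content-Length {declared} != {len(data)} body bytes")
    fixed = {k: v for k, v in headers.items() if k.lower() != "content-length"}
    fixed["Content-Length"] = str(len(data))
    return fixed


def split_by_declared_length(raw):
    """Frame one request the way a strict receiver does: body = Content-Length bytes.

    Returns (body, leftover). Non-empty leftover means the two ends disagree
    on where the message stops, so the remainder is read as the next request.
    """
    head, _, rest = raw.partition(b"\r\n\r\n")
    length = 0
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())
    return rest[:length], rest[length:]


# The "Actual Behavior" dump from the report, reused as sample input.
ACTUAL = (
    b"POST / HTTP/1.1\r\nHost: localhost:3000\r\nAccept-Encoding: identity\r\n"
    b"User-Agent: python-urllib3/2.0.915\r\nContent-Length: 1\r\n\r\n\xf0\x9f\x9a\x80"
)

if __name__ == "__main__":
    print(split_by_declared_length(ACTUAL))
    print(check_content_length("\U0001F680", {}))
```

The mismatch comes from `len()` of the `str` counting one code point while the UTF-8 encoding is four bytes, so three body bytes fall outside the declared message.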